UniqueSoft/openpanel
2
0
Fork 0
mirror of https://github.com/stefanpejcic/openpanel synced 2025-06-26 18:28:26 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
d1677ce98a
openpanel/website/docs/changelog/0.3.5.md
Stefan Pejcic 379a116512
Update 0.3.5.md
2024-11-08 17:23:00 +01:00

46 lines
4.5 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# 0.3.5
Released on November 08, 2024
### 🚀 New features
- [Email notifications for OpenPanel users](/docs/panel/account/notifications/).
- Option to change password for email accounts, set quota, suspend incoming/outgoing emails from the 'OpenPanel > Emails' page.
- Users can now view and terminate active sessions for their account from the 'OpenPanel > Account > Active Sessions' page.
- Administrators can now set [rate limiting and blocking limits](/docs/admin/intro/#brute-force-protection) for both OpenPanel and OpenAdmin login pages.
- Administrators can now set [session duration](https://dev.openpanel.com/cli/config.html#session-duration) for OpenPanel users.
- Administrators can now create [a custom template to be displayed on domains without any content](https://i.ibb.co/tXkHKyL/default-landing.png).
- New command `opencli admin logs` is available for multitail [all OpenAdmin services logs](https://dev.openpanel.com/logs.html).
- [Error IDs](https://i.postimg.cc/dtC3M7Mq/500.png) to help administrators trace OpenPanel errors with the new command [`opencli error`](https://dev.openpanel.com/cli/error.html).
- [`opencli domais-delete` command](https://dev.openpanel.com/cli/domains.html#Delete-Domain).
### ️🚨 Security fixes
- *Insecure Permission Modification via Fix Permission Function* vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to access other files outside of the `/home/username/` directory within the user's container.
- *Remote Code Execution via Fix Permission* vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
- *Remote Code Execution via Change Time Zone* vulnerability in 'OpenPanel > Server > Change TimeZone' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
- *Unauthorized File Access via Copy Function* vulnerability in 'copy' function on the 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
- *Unauthorized File Access via Compress Function* vulnerability in 'compress' function on the 'OpenPanel > File Manager' page allowed an attacker to compress files from the OpenPanel UI container.
- *Unauthorized File Access* vulnerability in the url parsing on 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
- *Unauthorized File Access via Download Function* vulnerability in 'download' function on the 'OpenPanel > File Manager' page allowed an attacker to download files from the OpenPanel UI container.
- *Unauthorized File Access via View Function* path traversal vulnerability in 'view file' function on the 'OpenPanel > File Manager' page allowed an attacker to manipulate the file path and view files from the OpenPanel UI container.
### 🐛 Bug fixes
- [Password reset for openpanel users does not end all active sessions on that user #66](https://github.com/stefanpejcic/OpenPanel/issues/66)
- [Error when changing email settings #208](https://github.com/stefanpejcic/OpenPanel/issues/208)
- [phpmyadmin gives token error #265](https://github.com/stefanpejcic/OpenPanel/issues/265)
- [Weird error when I add domain #266](https://github.com/stefanpejcic/OpenPanel/issues/266)
- ['Supplied non-number argument' error when creating emails #268](https://github.com/stefanpejcic/OpenPanel/issues/268)
- [_mysql_connector.MySQLInterfaceError: MySQL server has gone away #269](https://github.com/stefanpejcic/OpenPanel/issues/269)
- [[Errno 2] No such file or directory: '/etc/openpanel/clamav/domains.list' #271](https://github.com/stefanpejcic/OpenPanel/issues/271)
- [Bug with install script on Debian12 Hetzner ISO](https://community.openpanel.org/d/110-installation-issue/6).
### 💅 Polish
- Python version for OpenPanel is updated from `3.10` to `3.12`.
- [Inline documentation for every page on OpenAdmin interface](https://i.postimg.cc/6tzM8Rtg/2024-10-31-20-32.png).
- `opencli user-login` will now display list of users to select and autocomplete username.
- Optimized `openpanel/openpanel:latest` docker image.
- `git` and `apparmor` are now installed automatically on Debian12.
- Email and FTP accounts for use are now deleted when OpenPanel user is terminated.
- Email folders are now automatically created for new domains.
- SSL, DNS, Proxy settings, blocked IPs, ClamAV settings and websites are now automatically deleted when domain is removed.
- Terms no longer need to be accepted for new installations.
Reference in New Issue View Git Blame Copy Permalink