Changelog

v2.5.0 - [2024-11-26]

New

  • PHP 8.4 Support
  • MariaDB 11.4 Support
  • Translations: Hungarian, Slovak, Thai

Bug Fixes

Enhancements:

  • New AWS regions for S3 remote backup

Security:

  • Privilege Escalation from clpctlWrapper command (Yell Phone Naing) (HIGH)
  • Privilege Escalation: Site User Access Allows Linux Password Changes (HIGH) (Yell Phone Naing)
  • Server IP disclosure despite using Cloudflare (Yell Phone Naing)

v2.4.2 - [2024-05-21]

New

  • Debian 12 and Ubuntu 24.04 with HTTP/3 Support
  • Node.js 22 LTS Support
  • Translations: Serbian, Georgian

Bug Fixes

v2.4.1 - [2024-01-22]

New

  • Translations: Bosnian

Enhancements:

  • Let's Encrypt certificate issuance is tested against the staging environment first to avoid rate limit errors
  • The performance of creating sites, especially Node.js sites, has been enhanced

Bug Fixes

Security

  • Vulnerability that allows a user with the lowest privilege to hijack a session and subsequently gain unauthorized access to the admin and other user accounts. (Muhammad Aizat, datack.my)

v2.4.0 - [2023-11-27]

New

  • PHP 8.3 Support
  • Node.js 20 LTS Support
  • Translations: Danish, Czech

Enhancements:

  • The databases are backed up prior to executing remote backup
  • The site settings and vhost are included in the remote backup file
  • Updated phpMyAdmin to 5.2.1

Bug Fixes

Security

  • File Manager: New file chown issue (CVE-2023-43880)
  • File Manager: Zip symlink (BSDTAR) (CVE-2023-43881)
  • OS Command Injection from chmod file (CVE-2023-46157, Muhammad Aizat, datack.my)
  • Command Injection (Yell Phone Naing)

v2.3.2 - [2023-08-21]

New

  • Translation: Korean, Persian

Bug Fixes

  • Translation Fixes

Enhancements:

  • Vietnamese, Chinese Translation
  • RTL stylesheet improvements

Security

v2.3.1 - [2023-06-20]

Bug Fixes

Security

  • Critical (CVE-2023-35885): Insecure file manager cookie authentication (Muhammad Aizat, datack.my)
  • Critical (CVE-2023-36630): Insecure File Upload leads to Privilege Escalation and Authentication Bypass (Mohammad Zulfiqar)

v2.3.0 - [2023-06-06]

New

Enhancements

  • The site user name and password can be entered manually for new WordPress sites.

Bug Fixes

Security

  • Critical (CVE-2023-33747): Privilege Escalation to root from user. Big thanks to Muhammad (datack.my, host.sabily.info) for reporting and testing
  • OS Command Injection. Big thanks to Laurence from crowdsec.net for reporting and testing

v2.2.2 - [2023-04-03]

New

Bug Fixes

v2.2.1 - [2023-02-27]

New

Bug Fixes

v2.2.0 - [2022-12-08]

New

Improvements

Bug Fixes

v2.1.0 - [2022-11-03]

New

Improvements

  • Generate Password Link for Site User Password Update

Bug Fixes

v2.0.4 - [2022-09-08]

New

  • Added Languages: Arabic, Ukrainian

Bug Fixes

v2.0.3 - [2022-08-24]

New

  • Remote Backup (Amazon S3, Wasabi, Digital Ocean Spaces, Dropbox, Google Drive, SFTP and Custom Rclone Config)
  • Added Languages: Italian, Indonesian, Spanish, Romanian, Russian, Polish, Vietnamese

Bug Fixes

v2.0.2 - [2022-07-04]

Bug Fixes

  • Remove FS_CHMOD_FILE and FS_CHMOD_DIR from default WP settings

v2.0.1 - [2022-07-04]

New

  • Added Portuguese (Brasil) translation
  • Added Turkish translation
  • MariaDB 10.8 support for Ubuntu and Debian
  • Added Default WP settings:
    • WP_MEMORY_LIMIT: 256M
    • WP_MAX_MEMORY_LIMIT: 512M
    • FS_CHMOD_FILE: 0644
    • FS_CHMOD_DIR: 0755

Bug Fixes

  • Site User Name generation didn't work with a two-level subdomain like wp.blog.eu.org
  • Translations fixes

v2.0.0 - [2022-06-20]

  • Initial Release