Changelog
v2.5.0 - [2024-11-26]
New
- PHP 8.4 Support
- MariaDB 11.4 Support
- Translations: Hungarian, Slovak, Thai
Bug Fixes
- #471 username error
- #476 Shebang incorrect in /usr/bin/clpctl
- #484 Unexpected brackets at the beginning of files
- #500 Custom cron commands are not working
- #505 Web based File Manager does not upload files
- #511 .well-known directory deleted after certificate renew
- #527 Unable to login with site user via ssh key when ftp user is created (Thanks to ccMatrix)
- #530 File permissions revert to 0770 after file modification
- #535 "Additional Configuration Directives" doesn't allow for spaces in value
- #540 S3 backup - Region - Middle East (UAE) me-central-1 missing
- Translation Fixes
Enhancements:
- New AWS regions for S3 remote backup
Security:
- Privilege Escalation from clpctlWrapper command (Yell Phone Naing) (HIGH)
- Privilege Escalation: Site User Access Allows Linux Password Changes (HIGH) (Yell Phone Naing)
- Server IP disclosure despite using Cloudflare (Yell Phone Naing)
v2.4.2 - [2024-05-21]
New
- Debian 12 and Ubuntu 24.04 with HTTP/3 Support
- Node.js 22 LTS Support
- Translations: Serbian, Georgian
Bug Fixes
- #427 Cannot rename files in file manager
- #430 Comma in cron jobs minute
- #434 I think this should be a bug.
- Translation Fixes
v2.4.1 - [2024-01-22]
New
- Translations: Bosnian
Enhancements:
- The issuance of Let's Encrypt certificates is being tested against the staging environment first to avoid rate limit errors
- The performance of creating sites, especially Node.js sites, has been enhanced
Bug Fixes
- #382 phpMyAdmin sorting not working
- #383 Instance Reboot at Admin/Instance/Setting doesn't reboot and block auto login from login pages
- #406 CloudPanel Dashboard doesn't when using the AWS EC2 installer.
- Translation Fixes
Security
- Vulnerability that allows a user with the lowest privilege to conduct a session hijacking, subsequently gaining unauthorized access to the admin and other user accounts. (Muhammad Aizat, datack.my)
v2.4.0 - [2023-11-27]
New
- PHP 8.3 Support
- Node.js 20 LTS Support
- Translations: Danish, Czech
Enhancements:
- The databases are backed up prior to executing remote backup
- The site settings and vhost are being included in the remote backup file
- Updated phpMyAdmin to 5.2.1
Bug Fixes
- #329 duplicate settings key in file-manager.conf
- #338 The original certificate is not removed when you delete a web application
- #355 Login Page Autocomplete/Password Manager Issue
- #359 When you delete a website the nodejs app started with PM2 is not deleted
- #363 Custom v2-varnish vhost templates cause a 403 page and missing Varnish settings
- #367 phpMyAdmin basic auth doesn't work when CloudPanel basic auth is enabled
Security
- File Manager: New file chown issue (CVE-2023-43880)
- File Manager: Zip symlink (BSDTAR) (CVE-2023-43881)
- OS Command Injection from chmod file (CVE-2023-46157, Muhammad Aizat, datack.my)
- Command Injection (Yell Phone Naing)
v2.3.2 - [2023-08-21]
New
- Translation: Koran, Persian
Bug Fixes
- Translation Fixes
Enhancements:
- Vietnamese, Chinese Translation
- RTL stylesheet improvements
Security
- #298 MySQL Root Password Leak from site user (Thanks to Yell Phone Naing)
- Critical: Privilege Escalation to root from user (Thanks to Yell Phone Naing)
v2.3.1 - [2023-06-20]
Bug Fixes
- #287 Colon in remote cloud backup breaks most filesystems
- #290 File Manager Extract not working since v2.3.0
- #293 Strange \n\n inside the certificate file used for custom domain.
- Translation Fixes
Security
- Critical (CVE-2023-35885): Insecure file manager cookie authentication (Muhammad Aizat, datack.my)
- Critical (CVE-2023-36630): Insecure File Upload leads to Privilege Escalation and Authentication Bypass (Mohammad Zulfiqar)
v2.3.0 - [2023-06-06]
New
- Translation: Bulgarian
- New CloudPanel CLI Root Commands:
Enhancements
- The site user name and password can be entered manually for new WordPress sites.
Bug Fixes
- #278 CLI need normalize domain name field
- #284 CLPCTL - Problem with special characters in password result false error
- Translation Fixes
Security
- Critical (CVE-2023-33747): Privilege Escalation to root from user. Big thanks to Muhammad (datack.my, host.sabily.info) for reporting and testing
- OS Command Injection. Big thanks to Laurence from crowdsec.net for reporting and testing
v2.2.2 - [2023-04-03]
New
- MariaDB 10.11 LTS Support
- Hebrew
- Japanese
Bug Fixes
- #245 New Reverse Proxy | root folder permission in htdocs www.site.com folders
- #254 Site path / copy and paste issues
- Translation Fixes
v2.2.1 - [2023-02-27]
New
- Reverse Proxy
- Chinese (Simplified)
- Chinese (Taiwan)
Bug Fixes
- #210 Dark mode: Separating table borders missing
- #220 Hetzner Snapshot cleanup throws an exception when delete protection is enabled on a snapshot
- Translation Fixes
v2.2.0 - [2022-12-08]
New
- Add PHP 8.2 Support
- Dark Mode
- Node.js 18 LTS Support
Improvements
Bug Fixes
- #208 Unable to create a WordPress site with a database server that doesn't use the default port 3306
- Translation Fixes
v2.1.0 - [2022-11-03]
New
Improvements
- Generate Password Link for Site User Password Update
Bug Fixes
- #138 WordPress Admin login doesn't work with passwords which contains special characters like
- #150 Cron Job PHP version issue
- #153 Backup Custom Rclone Config Time
- Translation Fixes
v2.0.4 - [2022-09-08]
New
- Added Languages: Arabic, Ukrainian
Bug Fixes
- #137 Remote backups don't get deleted after configured retention period, it affects only the SFTP storage provider
- Translation Fixes
- MariaDB 10.9 Support
v2.0.3 - [2022-08-24]
New
- Remote Backup (Amazon S3, Wasabi, Digital Ocean Spaces, Dropbox, Google Drive, SFTP and Custom Rclone Config)
- Added Languages: Italian, Indonesian, Spanish, Romanian, Russian, Polish, Vietnamese
Bug Fixes
- #115 Using " in the additional directives configuration breaks CloudPanel
- #122 Numeral in Domain Name Can't Install Wordpress
- #132 413 Request Entity Too Large, File Manager file upload over 512MB with custom domain
v2.0.2 - [2022-07-04]
Bug Fixes
- Remove FS_CHMOD_FILE and FS_CHMOD_DIR from default WP settings
v2.0.1 - [2022-07-04]
New
- Added Portuguese (Brasil) translation
- Added Turkish translation
- MariaDB 10.8 support for Ubuntu and Debian
- Added Default WP settings:
- WP_MEMORY_LIMIT: 256M
- WP_MAX_MEMORY_LIMIT: 512M
- FS_CHMOD_FILE: 0644
- FS_CHMOD_DIR: 0755
Bug Fixes
- Site User Name generation didn't work with a two-level subdomain like wp.blog.eu.org
- Translations fixes
v2.0.0 - [2022-06-20]
- Initial Release