newACME provider selection LE vs ZeroSSL on a per domain basis
In the LetsEncrypt configuration it is now possible to select between ZeroSSL or LetsEncrypt as an ACME provider.
This is only visible in the Evolution skin.
Legacy mode for swapping LetsEncrypt with ZeroSSL with magic file
/root/.zerossl is now deprecated.
newCgroups now support setting MemoryMax limit
This is an absolute Memory limit. When reached it triggers Out-Of-Memory Killer.
It is useful when used in combination with
newtask.queue option to resync User and Reseller configs to their packages
You can now reset Users/Resellers to match any manual changes to their packages via the CLI/task.queue The option already exists when using the GUI simply by saving the package.
The syntax would be:
echo "action=rewrite&value=package&type=user|reseller&creator=CREATOR&package=PACKAGE" >> /usr/local/directadmin/data/task.queue
Where the type=user refers to User Packages and Users created by CREATOR, and type=reseller refers to Reseller Packages and Resellers created by CREATOR (usually admin). This triggers the user_modify_post.sh and reseller_modify_post.sh hooks as of 1.63.7.
newOptional ftp upload confirmation via remote ftp size listing (SCRIPTS)
We've had one report where curl did not throw any error on remote disk was full, resulting in lost data. As an extra layer of checks, new internal directadmin.conf default variable:
can be set to 1:
./directadmin set backup_ftp_upload_confirmation 1
which follws up any successful curl upload with a curl download (updated ftp_list.php) which returns the filesize as well. This is compared to the local size and an error is thrown if there is a mismatch.
improvedUpdate Nginx unix route templates
From Nginx Unit version 1.26.0
share action behaviour changes from specifying document root directory that gets prepended to request URI, to specifying full path to the file to serve.
Route templates has been updated to reflect this change.
Please note that this change doesn't update currently configured routes.
evolution improvedUpdated ClamAV feature user interface
ClamAV feature now allows to select a pre-defined scan paths to avoid having to type in scan path manually. It is still possible to use custom scan path.
removedLogin-key usage count feature is removed
A feature allowing login-keys to have max usage counter is deprecated and removed. It was decided that most useful login-key usage limitation is time based. API usage counters does not work well because for some actions to be achieved multiple API requests might be necessary and it is hard to know in advance how may API requests will be made.
We recommend that all existing login-keys with usage limit to be updated to have time restriction.
fixedSecurity issues reported by Rack911 team
Continuation of work on a set of security issues that were reported by the Rack911 team.
This release hardens some manually triggered CLI tools.
We recommend everyone to update to this version.
fixedSocket leak on legacy cli --DocumentRoot call
Compatibility mode for listing user document roots from cli causes persistent HTTP requests to linger leading to FD exhaustion. Issue is fixed in this release.