Version 1.669
Released: 2024-10-16
evolution new
Advanced global search for all layoutsA new global search bar is added to all Evolution skin layouts. It unifies and improves how the search works. Notable changes:
- Search targets (users, domains, menu entries, etc.) can be easily turned on or off inside the search box.
- The search results are grouped by the search target.
- The matching part of the search is highlighted on the search results. This makes it easier to understand why and how the result matched the search string.
- The search results for pages include a page location in the menu.
- Too many results from a single search target is collapsed with an option to show all results. This avoids results from a single target overwhelming the results from other targets.
Note: If custom CSS rules are being used for the Icons Grid layout to recreate the traditional sub-theme (example in the CSS Customizations section), the rules need to be updated to work correctly with the new global search.
evolution improved
Updated two-step authentication pageThe page for enabling and managing two-step authentication is updated. The page can now be found as a new section in the User Profile page.
Key improvements:
- It will no longer be possible to enable it without providing a correct code from the Authenticator app.
- Once enabled, the two-step authentication page will no longer show the authentication secret when the page is visited again.
- An option to send a notification on two-step authentication failures is now grouped with other notification settings in the General section.
- Recovery codes will be automatically generated after two-step authentication is enabled.
evolution improved
Fixed width font for server TLS upload page's inputsThe font used for server TLS upload page's inputs has been changed to one whose letters and characters each occupy the same amount of space.
php[2-9]_mode
options from CustomBuild options.conf file custombuild improved
Removed CustomBuild configuration file options.conf
will no longer keep php2_mode
, php3_mode
, etc. options. The only option used for PHP mode configuration will be php1_mode
. This will make configuration file simpler and shorted.
Removed options are no longer needed because CustomBuild does not support multiple PHP modes since version 1.667.
improved
Spam scanning will be activated by default if allowedIf a User is created with the spam
option set to ON
, this change will now activate Spam Scanning for the User's by default. If the User then creates a second domain, it will use the settings from the first/main domain from the account.
Also, a new optional template can be created to override the internal defaults:
/usr/local/directadmin/data/templates/custom/spam_defaults.json
A sample of this file might look like:
{
"required_hits" : "3.5",
"high_score" : "8",
"high_score_block" : "yes",
"rewrite_subject" : "1",
"subject_tag" : "***SPLAM***",
"whitelist_from" : [
"always@delivered.com"
],
"blacklist_from" : [
"never@accept.com"
],
"where" : "userspamfolder",
"report_safe" : "2"
}
where only the variables that you wish to override need to be in this file. Using this template will remove any need for the hook scripts How to enable SpamAssassin for new users
improved
More informative licensing errors for legacy skinsWhen DirectAdmin encounters licensing problems (missing license, expired license, etc.), a detailed explanation of the problem and how to fix it used to be shown. But only if Evolution skin is used. In Enhanced or other legacy skins, a blank page with a generic error used to be shown.
The way licensing errors are handled is now changed to always use Evolution skin.
/CMD_LOGIN
request handling improved
Improved Request handler of /CMD_LOGIN
is updated to improve speed and reliability.
Notable changes:
- Requests to
/CMD_LOGIN
will always respond with HTML output, not JSON. If a JSON response is needed, then the/api/login
API endpoint should be used. - For accounts with two-step authentication enabled, all login data (username, password, 2FA code) have to be sent with a single request. It is no longer possible to pass password validation and 2FA validation with separate requests.
- The two-step authentication code can be passed in the form field named
otp.code
. - A more detailed error message will be shown on login failures.
CMD_ASK_TWOSTEP_AUTH
is deprecated. It was used for unfinished sessions to display two-step authentication code input.CMD_LOGIN
can no longer be used for impersonation. Any attempt to do this will perform a logout action.
All these changes are only relevant when a custom login page is used.
custombuild improved
Software version changescomposer
updated from2.7.9
to2.8.1
dovecot-fts-xapian
updated from1.7.14
to1.7.16
imagemagick
updated from7.1.1-38
to7.1.1-39
litespeed
updated from6.3.1-1
to6.3.1-2
modsecurity_owasp_rules
updated from4.6.0
to4.7.0
nginx
updated from1.27.1
to1.27.2
php_yaml
updated from2.2.3
to2.2.4
login.log
improved
Stop logging successful API access in Information about all requests, including authentication type, is stored in the /var/log/directadmin/access.log
file. File login.log
is used to log all successful API requests with limited information (client IP and username) duplicating the same information that is already present in the access.log
.
The file login.log
will no longer include information about successful API calls, leaving only authentication failures.
improved
Single login page for all the skinsThe login page from Evolution is much more flexible and has more features compared with the login pages provided by legacy skins. With this release, the Evolution login page will be used as the main DirectAdmin login page for all the skins.
It is still possible to create a completely custom login page (not related to any skin), but we recommend using Evolution login page customizations to achieve the desired result.
improved
Independent PHP-FPM configuration for each virtual host when nginx is usedThe directadmin.conf
option nginx_fpm_always_set
internal default value is changed from 0
(disabled) to 1
(enabled). This means each virtual host definition (for domains and sub-domains) will have a full and independent PHP configuration section. Previously, a single configuration file between different virtual hosts was reused.
In the upcoming releases, this configuration option will be removed completely.
evolution fixed
Errors trying to create a forwarder with the "pipe" optionTrying to create or modify a forwarder when "pipe" option is selected and the input field contains some content no longer shows an error when submitting the form.
evolution fixed
Redirection to statistics reports pagePages such as Site Summary / Statistics / Logs and Subdomain Management now correctly display links to domain's webalizer/awstats reports page. The data within reports page is correctly loaded based on what awstats
and webalizer
values are configured to in DirectAdmin configuration settings (directadmin.conf
).
fixed
Terminating long-running plugin requestsSubprocesses started by the directadmin
service used to ignore SIGTERM
signals. This used to allow missbehaving plugin handlers to run for a very long time (longer than the default 10 minute limit) and cause problems when directadmin
service needs to gracefully restart.
The issue is fixed by keeping the default SIGTERM
handler for sub-processes.
fixed
Web terminal disconnects on invalid UTF-8 sequenceOn modern systems, opening the vim
editor in the web terminal can cause the terminal session to close abruptly. The problem was caused by invalid UTF-8 sequences breaking the connection. Issue is fixed now.
fixed
Location of customized password change templatesThe location for custom HTML templates used in /CMD_CHANGE_EMAIL_PASSWORD
and /CMD_CHANGE_FTP_PASSWORD
is changed to be consistent with other customizations.
The old location for custom HTML files used to be:
./data/templates/email_pass_change/custom/index.html
./data/templates/ftp_pass_change/custom/index.html
Because these two files do not follow the general pattern of custom files being placed in the ./data/templates/custom
directory, they would get automatically removed when DirectAdmin is updated.
The issue is fixed by changing the customized templates location to:
./data/templates/custom/email_pass_change/index.html
./data/templates/custom/ftp_pass_change/index.html
The update script will detect existing customizations in the old location and move them to the new location automatically.
custombuild fixed
Fixed Dovecot configuration when modern SSL mode is usedWhen ssl_configuration=modern
is set in the CustomBiold options.conf
file, the Dovecot configuration used to get an empty ssl_cipher_list
option in the /etc/dovecot/conf/ssl.conf
file.
Empty option can cause dovecot configuration error. This option will be completely omitted to avoid it.
evolution removed
Removed Admin SSL Certificates pageThe Admin SSL certificates page (previously found under admin level -> Server Manager category -> Admin SSL -> View Certificates) has been removed. The View Certificates button that lead to the now removed page has been replaced with a button which says "Server TLS Certificate" and (as the name suggests) redirects to the Server TLS Certificate page.
evolution removed
Removed search from Refreshed layout menu gridThe refreshed layout dashboard in menu grid mode will no longer have a quick search bar and user-level switch at the top of the page.
Access level switching should be performed in the right-side menu.
system_skin
configuration option from directadmin.conf
removed
Removed the The login page that used to be part of Evolution will now be used as login page for all the skins.
A completely custom login pages are still supported. More details are in the login page customization documentation.
session_cookie_multiplier
configuration option from directadmin.conf
removed
Removed The session_cookie_multiplier
option is no longer relevant. Session cookies do not have a client-side expiration time.
max_twostep_auth_attempts
configuration option from directadmin.conf
removed
Removed Login failures for user accounts with two-step authentication and without two-step authentication will be treated the same.
block_ip_after_failed_twostep_auth
configuration option from directadmin.conf
removed
Removed Login failures for user accounts with two-step authentication and without two-step authentication will be treated the same.
lock_debug
configuration option from directadmin.conf
removed
Removed This option is not needed in a production environment.
favicon_ico
configuration option from directadmin.conf
removed
Removed The default evolution skin already has a favicon configuration option via the customize evolution skin functionality. For any other favicon.ico request to the DirectAdmin service when EVO is not in use, the default templates/favicon.ico
will be served. It can be overridden by uploading your own file to templates/custom/favicon.ico
.
improved
Optimization for CMD_API and json=yes calls.API calls that don't use the original tokenized skin design do not require tokens. A simple logic change to not pre-load the global tokens for CMD_API
and json=yes
calls. Some tests yielded a near 3x speed improvement for local calls (same LAN), eg: CMD_API_SHOW_USER_CONFIG
went from 290ms to 100ms. All calls of these types are averaging a ~190ms speed increase.