Version 1.678
Released: 2025-06-??
Support for the Buypass ACME provider new
The Norwegian ACME provider Buypass can now be used to get free and automatic TLS certificates.
This provider is not as big as Let's Encrypt and has more restrictions but is still a great addition that improves the diversification of certificate providers.
Key differences compared to Let's Encrypt:
- The certificates are valid for 180 days!
- Wildcard certificates are not supported.
- Maximum 5 domains in a single certificate.
- Certificates and ACME accounts with
EC384keys are not supported (EC256keys can be used). - Up to 20 certificates per week for a single domain.
- Up to 5 duplicate certificates per week for a single domain.
File Manager menu entry visible only at user level evolution improved
The File Manager menu entry now appears only when the user level is selected. Previously, it was shown at all levels (admin, reseller, and user).
File Manager actions permission support evolution improved
A new backend permission now controls whether a user can perform File Manager actions. This release adds Evolution support for this permission (/api/filemanager-actions), currently affecting only the upload action in the File Manager.
Refactored File Manager action toolbar evolution improved
The File Manager action toolbar has been refactored in this release. While the design and layout remain unchanged, breadcrumbs are now always visible. Previously, breadcrumbs were hidden whenever at least one file or folder was selected.
Refactored File Manager folder tree evolution improved
The File Manager folder tree has been redesigned. This update removes several features from the folder tree, including the context menu, drag-and-move, drag-and-drop, and folder size calculation, as these were deemed unnecessary and added complexity. The folder tree now relies on a new backend endpoint, resulting in a simpler and more maintainable implementation.
‼️ Disable POP / IMAP authentication over non-encrypted connections custombuild improved
The Dovecot configuration is updated to block non-encrypted connections to the POP and IMAP services.
This change protects the clients from accidentally misconfiguring email applications to not use encrypted connections. The connections from localhost (not going over the network) are still allowed to not use encryption.
Backwards compatibility with insecure mode can be managed with a drop-in Dovecot configuration file. Examples:
# Allow plain-text POP/IMAP connections for Dovecot 2.4:
echo 'auth_allow_cleartext = yes' > /etc/dovecot/conf.d/insecure-auth.conf
systemctl restart dovecot
# Allow plain-text POP/IMAP connections for Dovecot 2.3:
echo 'disable_plaintext_auth = no' > /etc/dovecot/conf.d/insecure-auth.conf
systemctl restart dovecot
# Restore original configuration (secure):
rm -f /etc/dovecot/conf.d/insecure-auth.conf
systemctl restart dovecot
Main Dovecot configuration moved to separate files custombuild improved
The Dovecot main configuration file /etc/dovecot/dovecot.conf is updated. All configuration directives from this file are moved into smaller independent configuration files in the /etc/dovecot/conf directory. New configuration files are:
conf/general.confconf/passdb.confconf/protocol.confconf/service.confconf/userdb.conf
This makes it easier to customise the Dovecot configuration. Instead of maintaining a full custom configuration file, it is now possible to customise only some of the smaller partial configuration files.
Software version changes custombuild improved
ioncube_loadersupdated from14.4.0to14.4.1MariaDB 10.11updated from10.11.11to10.11.13MariaDB 11.4updated from11.4.5to11.4.7modsecurity3_nginxupdated from1.0.3to1.0.4modsecurityupdated from2.9.8to2.9.9redisupdated from8.0.1to8.0.2roundcubemailupdated from1.6.10to1.6.11