Version 1.678

Released: 2025-06-??

Support for the Buypass ACME provider new

The Norwegian ACME provider Buypassopen in new window can now be used to get free and automatic TLS certificates.

This provider is not as big as Let's Encrypt and has more restrictions but is still a great addition that improves the diversification of certificate providers.

Key differences compared to Let's Encrypt:

  • The certificates are valid for 180 days!
  • Wildcard certificates are not supported.
  • Maximum 5 domains in a single certificate.
  • Certificates and ACME accounts with EC384 keys are not supported (EC256 keys can be used).
  • Up to 20 certificates per week for a single domain.
  • Up to 5 duplicate certificates per week for a single domain.

File Manager menu entry visible only at user level evolution improved

The File Manager menu entry now appears only when the user level is selected. Previously, it was shown at all levels (admin, reseller, and user).

File Manager actions permission support evolution improved

A new backend permission now controls whether a user can perform File Manager actions. This release adds Evolution support for this permission (/api/filemanager-actions), currently affecting only the upload action in the File Manager.

Refactored File Manager action toolbar evolution improved

The File Manager action toolbar has been refactored in this release. While the design and layout remain unchanged, breadcrumbs are now always visible. Previously, breadcrumbs were hidden whenever at least one file or folder was selected.

Refactored File Manager's toolbar

Refactored File Manager folder tree evolution improved

The File Manager folder tree has been redesigned. This update removes several features from the folder tree, including the context menu, drag-and-move, drag-and-drop, and folder size calculation, as these were deemed unnecessary and added complexity. The folder tree now relies on a new backend endpoint, resulting in a simpler and more maintainable implementation.

Refactored File Manager's folder tree

‼️ Disable POP / IMAP authentication over non-encrypted connections custombuild improved

The Dovecot configuration is updated to block non-encrypted connections to the POP and IMAP services.

This change protects the clients from accidentally misconfiguring email applications to not use encrypted connections. The connections from localhost (not going over the network) are still allowed to not use encryption.

Backwards compatibility with insecure mode can be managed with a drop-in Dovecot configuration file. Examples:

# Allow plain-text POP/IMAP connections for Dovecot 2.4:
echo 'auth_allow_cleartext = yes' > /etc/dovecot/conf.d/insecure-auth.conf
systemctl restart dovecot

# Allow plain-text POP/IMAP connections for Dovecot 2.3:
echo 'disable_plaintext_auth = no' > /etc/dovecot/conf.d/insecure-auth.conf
systemctl restart dovecot

# Restore original configuration (secure):
rm -f /etc/dovecot/conf.d/insecure-auth.conf
systemctl restart dovecot

Main Dovecot configuration moved to separate files custombuild improved

The Dovecot main configuration file /etc/dovecot/dovecot.conf is updated. All configuration directives from this file are moved into smaller independent configuration files in the /etc/dovecot/conf directory. New configuration files are:

  • conf/general.conf
  • conf/passdb.conf
  • conf/protocol.conf
  • conf/service.conf
  • conf/userdb.conf

This makes it easier to customise the Dovecot configuration. Instead of maintaining a full custom configuration file, it is now possible to customise only some of the smaller partial configuration files.

Software version changes custombuild improved

  • ioncube_loaders updated from 14.4.0 to 14.4.1
  • MariaDB 10.11 updated from 10.11.11 to 10.11.13
  • MariaDB 11.4 updated from 11.4.5 to 11.4.7
  • modsecurity3_nginx updated from 1.0.3 to 1.0.4
  • modsecurity updated from 2.9.8 to 2.9.9
  • redis updated from 8.0.1 to 8.0.2
  • roundcubemail updated from 1.6.10 to 1.6.11
Last Updated: