Version 1.678

Released: 2025-06-04

• Support for the Buypass ACME provider new
• System packages management evolution new
• File Manager actions permission support evolution update
• Refactored File Manager action toolbar evolution update
• Refactored File Manager folder tree evolution update
• Menu entry File Manager appears only once evolution update
• Menu entry CustomBuild moved to Server Manager section evolution update
• ‼️ Disable POP / IMAP authentication over non-encrypted connections custombuild update
• Main Dovecot configuration moved to separate files custombuild update
• Software version changes custombuild update
• Nginx URL rewrites response on submission evolution fix
• Admin backups modify page missing options evolution fix

Support for the Buypass ACME provider new

The Norwegian ACME provider Buypass can now be used to get free and automatic TLS certificates.

This provider is not as big as Let's Encrypt and has more restrictions but is still a great addition that improves the diversification of certificate providers.

Key differences compared to Let's Encrypt:

• The certificates are valid for 180 days!
• Wildcard certificates are not supported.
• Maximum 5 domains in a single certificate.
• Certificates and ACME accounts with EC384 keys are not supported (EC256 keys can be used).
• Up to 20 certificates per week for a single domain.
• Up to 5 duplicate certificates per week for a single domain.

System packages management evolution new

Features for managing system packages can now be found in admin level -> Server Manager -> System Packages. The main use of the feature is intended for updating all packages at once as seen below:

A separate page is available for more granular control but should be avoided in favor of updating all packages at once:

After initiating an update request, the process begins by showing a list of changes that would occur if user were to proceed with the update:

Note that this step does not actually update packages. In order for the update to proceed, user needs to "Confirm" the update.

After which either a success or failure message will be shown, prompting user to go back. In case request succeeds, the update will be carried out in the background.

To see a list of previous updates, navigate to the history page. It shows updates starting from latest to oldest and lists what packages were installed, updated, removed during the update:

For further details click the "View Log" button. It will navigate user to a page which shows the log generated during the update.

File Manager actions permission support evolution update

A new backend permission now controls whether a user can perform File Manager actions. This release adds Evolution support for this permission (/api/filemanager-actions), currently affecting only the upload action in the File Manager.

Refactored File Manager action toolbar evolution update

The File Manager action toolbar has been refactored in this release. While the design and layout remain unchanged, breadcrumbs are now always visible. Previously, breadcrumbs were hidden whenever at least one file or folder was selected.

Refactored File Manager folder tree evolution update

The File Manager folder tree has been redesigned. This update removes several features from the folder tree, including the context menu, drag-and-move, drag-and-drop, and folder size calculation, as these were deemed unnecessary and added complexity. The folder tree now relies on a new backend endpoint, resulting in a simpler and more maintainable implementation.

Menu entry File Manager appears only once evolution update

The File Manager menu entry now appears only in the user access level menu. This change removes duplicate menu items from the admin and reseller menus, making a cleaner menu separation between different access levels.

Menu entry CustomBuild moved to Server Manager section evolution update

The CustomBuild menu entry is moved from the Extra Features section into the Server Manager section. The CustomBuild is now an integral part of DirectAdmin that allows easy management of additional software on the server. The new menu placement is more suitable for this feature.

‼️ Disable POP / IMAP authentication over non-encrypted connections custombuild update

The Dovecot configuration is updated to block non-encrypted connections to the POP and IMAP services.

This change protects the clients from accidentally misconfiguring email applications to not use encrypted connections. The connections from localhost (not going over the network) are still allowed to not use encryption.

Backwards compatibility with insecure mode can be managed with a drop-in Dovecot configuration file. Examples:

# Allow plain-text POP/IMAP connections for Dovecot 2.4:
echo 'auth_allow_cleartext = yes' > /etc/dovecot/conf.d/insecure-auth.conf
systemctl restart dovecot

# Allow plain-text POP/IMAP connections for Dovecot 2.3:
echo 'disable_plaintext_auth = no' > /etc/dovecot/conf.d/insecure-auth.conf
systemctl restart dovecot

# Restore original configuration (secure):
rm -f /etc/dovecot/conf.d/insecure-auth.conf
systemctl restart dovecot

Main Dovecot configuration moved to separate files custombuild update

The Dovecot main configuration file /etc/dovecot/dovecot.conf is updated. All configuration directives from this file are moved into smaller independent configuration files in the /etc/dovecot/conf directory. New configuration files are:

• conf/general.conf
• conf/passdb.conf
• conf/protocol.conf
• conf/service.conf
• conf/userdb.conf

This makes it easier to customise the Dovecot configuration. Instead of maintaining a full custom configuration file, it is now possible to customise only some of the smaller partial configuration files.

Note: The location of Dovecot 2.3 configuration files have changed. All configuration files are now in the .../configure/dovecot/2.3. Existing customisations for the Dovecot 2.3 will be moved to the new location during DirectAdmin update.

Software version changes custombuild update

• ioncube_loaders updated from 14.4.0 to 14.4.1
• lego updated from 4.23.1-SNAPSHOT-02572881 to 4.23.1-SNAPSHOT-3f6293fe
• litespeed updated from 6.3.2-4 to 6.3.3-0
• MariaDB 10.11 updated from 10.11.11 to 10.11.13
• MariaDB 11.4 updated from 11.4.5 to 11.4.7
• modsecurity3_nginx updated from 1.0.3 to 1.0.4
• modsecurity_owasp_rules updated from 4.14.0 to 4.15.0
• modsecurity updated from 2.9.8 to 2.9.10
• redis updated from 8.0.1 to 8.0.2
• roundcubemail updated from 1.6.10 to 1.6.11

Note:

The lego tool is updated to a new build of the same version. The new build has a patch to fix the Unable to validate JWS :: JWS has an invalid anti-replay nonce error, which happens when ACME provider servers are slow to respond.

Nginx URL rewrites response on submission evolution fix

User page Nginx URL rewrites always responded with the error code on submission, even if request succeeded. This fix adds CMD_NGINX_TEMPLATES to ./data/skins/evolution/files_user.conf, so that backend could respond normally.

Admin backups modify page missing options evolution fix

When on mobile, the checkboxes for "Selected data" within admin backups modify page (admin level -> Admin Tools -> Admin Backup/Transfer -> modify a scheduled backup -> Step 4: What) were not shown.