Version 1.678
Released: 2025-06-??
new
Support for the Buypass ACME providerThe Norwegian ACME provider Buypass can now be used to get free and automatic TLS certificates.
This provider is not as big as Let's Encrypt and has more restrictions but is still a great addition that improves the diversification of certificate providers.
Key differences compared to Let's Encrypt:
- The certificates are valid for 180 days!
- Wildcard certificates are not supported.
- Maximum 5 domains in a single certificate.
- Certificates and ACME accounts with
EC384
keys are not supported (EC256
keys can be used). - Up to 20 certificates per week for a single domain.
- Up to 5 duplicate certificates per week for a single domain.
evolution improved
File Manager menu entry visible only at user levelThe File Manager menu entry now appears only when the user
level is selected. Previously, it was shown at all levels (admin
, reseller
, and user
).
evolution improved
File Manager actions permission supportA new backend permission now controls whether a user can perform File Manager actions. This release adds Evolution support for this permission (/api/filemanager-actions
), currently affecting only the upload action in the File Manager.
evolution improved
Refactored File Manager action toolbarThe File Manager action toolbar has been refactored in this release. While the design and layout remain unchanged, breadcrumbs are now always visible. Previously, breadcrumbs were hidden whenever at least one file or folder was selected.
evolution improved
Refactored File Manager folder treeThe File Manager folder tree has been redesigned. This update removes several features from the folder tree, including the context menu, drag-and-move, drag-and-drop, and folder size calculation, as these were deemed unnecessary and added complexity. The folder tree now relies on a new backend endpoint, resulting in a simpler and more maintainable implementation.
custombuild improved
‼️ Disable POP / IMAP authentication over non-encrypted connectionsThe Dovecot configuration is updated to block non-encrypted connections to the POP and IMAP services.
This change protects the clients from accidentally misconfiguring email applications to not use encrypted connections. The connections from localhost (not going over the network) are still allowed to not use encryption.
Backwards compatibility with insecure mode can be managed with a drop-in Dovecot configuration file. Examples:
# Allow plain-text POP/IMAP connections for Dovecot 2.4:
echo 'auth_allow_cleartext = yes' > /etc/dovecot/conf.d/insecure-auth.conf
systemctl restart dovecot
# Allow plain-text POP/IMAP connections for Dovecot 2.3:
echo 'disable_plaintext_auth = no' > /etc/dovecot/conf.d/insecure-auth.conf
systemctl restart dovecot
# Restore original configuration (secure):
rm -f /etc/dovecot/conf.d/insecure-auth.conf
systemctl restart dovecot
custombuild improved
Main Dovecot configuration moved to separate filesThe Dovecot main configuration file /etc/dovecot/dovecot.conf
is updated. All configuration directives from this file are moved into smaller independent configuration files in the /etc/dovecot/conf
directory. New configuration files are:
conf/general.conf
conf/passdb.conf
conf/protocol.conf
conf/service.conf
conf/userdb.conf
This makes it easier to customise the Dovecot configuration. Instead of maintaining a full custom configuration file, it is now possible to customise only some of the smaller partial configuration files.
custombuild improved
Software version changesioncube_loaders
updated from14.4.0
to14.4.1
MariaDB 10.11
updated from10.11.11
to10.11.13
MariaDB 11.4
updated from11.4.5
to11.4.7
modsecurity3_nginx
updated from1.0.3
to1.0.4
modsecurity
updated from2.9.8
to2.9.9
redis
updated from8.0.1
to8.0.2
roundcubemail
updated from1.6.10
to1.6.11