InterWorx Version 5.0.14 build 579 now on the Release Channel!

Version 5.0.14 is a large bug fix release, and it is now live on the release channel!

Below is a summary of the changes included in 5.0.14 build 579:


  • Changed default password hashing algorithm to more secure bcrypt for InterWorx logins.
  • Updated php-iworx to 5.3.28, fixing CVE-2013-4073 and CVE-2013-6420
  • Fixed an issue with a possible SQL Injection vector in Payloads - thanks to Eric Flokstra
[B] New Features:[/B]
  • NodeWorx users may now enter an optional message when suspending a SiteWorx account - thanks for the idea, Gopal!
  • API functions to detect VPS environments
  • Added the ability to edit existing scheduled backups
  • Made the default interworx webserver redirect configurable via iworx.ini: [iworx] index="/nodeworx/index"
[B] Enhancements:[/B]
  • Added support for managing mysql users on MySQL 5.6.
  • Upgraded APF to 1.7.5
  • Added second-level-quota notifications during InterWorx install on OpenVZ, etc
  • Increased the maximum qmail process concurrency that is configurable, from 120 to 255
  • For PCI compliance requests, the InterWorx login pages can now be configured as no-autofill, so browsers won't save the logins. Configuration is in NodeWorx > Server > Settings. Off by default
  • Djbdns RPM now does not start services on update, unless it needs to
  • Added support for relative (../) and homedir (~/) paths in InterWorx CLI commands
  • Minor interface cleanups on the heliotrope theme login page
  • New httpd package compiled for support with prefork and worker mpms
  • Improved InterWorx license expiration messages
  • Updated SimpleScripts plugin configuration to reflect changes made to their service. Specifically, the removal of "new web host" accounts
  • Added support for "" subdelegation format in DNS Record interfaces
  • Fixed an issue with importing e-mail boxes from cpanel with extra-long hashed passwords
  • Significant DirectAdmin importer improvements. The importer now: [LIST]
  • imports email groups
  • recognizes email box copy-to
  • recognizes vacation responders
  • recognizes domain local delivery status
  • imports email auto-responders
  • recognizes existing quotas for groups and auto-responders
  • Updated ClamAV to 0.98.1
  • Added ability for real email boxes to have multiple forwarders
  • Added the ability for auto-responders to forward to multiple emails [/LIST] [B] Bug Fixes:[/B]
    • Fixed issues preventing ldirectord from starting properly on el6.
    • Fixed bug that allowed creation of e-mail alias loops
    • Fixed an issue with some FTP users not being able to login
    • VPS InterWorx Licenses are not permitted use Load Balanced Cluster functionality - made this requirement explicit
    • Due to incompatibility issues, OpenVZ/Virtuozzo platform is now blocked from accessing Clustering functionality
    • Fixed an issue during install wherein APF could incorrectly detect the presence of a monokernel, breaking FTP
    • Fixed "Not logged in" error when trying to use the password generator in SiteWorx
    • Fixed an issue with theme debugging causing broken HTML output
    • Fixed Bug: unable to control system services on cluster nodes
    • Fixed an issue with pointer domain redirect configuration not being cascaded to nodes
    • Fixed an issue with VIPs not being properly unbound from cluster nodes when IPs are removed from the cluster, in certain cases
    • Local e-mail relaying via IPv6 localhost now enabled by default, same as it was before for IPv4
    • Prevented adding email boxes when local delivery is off
    • Disabled webmail when an account has local delivery disabled
    • Fixed an issue with the command queue when a SiteWorx account has moved to a reseller with lower limits
    • Fixed an issue with opening already-open firewall ports on cluster nodes bring down the command queue
    • Improved command-queue resiliency regarding the IP Management: Default Sites settings
    • Prevented a situation that allowed deleting VIPs on a cluster node
    • Modified the problem detector email to be more clear about hostnames on cluster nodes
    • Fixed an issue with cluster node adding reporting failure occasionally, until the cluster node page was refreshed
    • Fixed an issue with certain cluster command queue actions being run twice instead of once on nodes
    • Removed 35-character hash limitation within email disable function
    • Prevented unnecessary redirection when deleting a Siteworx DNS record
    • Fixed an issue with theme caching breaking theme syncing in clusters
    • Fixed an issue with InterWorx trying to load IP addresses from backup files in /etc/sysconfig/network-scripts
    • Fixed an issue with visible HTML code in the System Health page
    • Fixed a stacktrace when attempting to edit SPF records in SiteWorx
    • Fixed an issue with parent theme fallback when a child theme is missing
    • Fixed MySQL server management related to remote MySQL servers.
    • Fixed an issue wherein a payload refresh would not honor a user's language setting, reverting to the default instead
    • Fixed an issue with the appearance of multi-line inputs with auto-complete

    Feel free to discuss this release or ask questions here, but for the serious issues, open a ticket at the support desk.

  • Hi

    I’m sorry to bother you, but I cannot see how to set any message when disabling the siteworx account.

    I’m sorry if I have misunderstood or even missed the input.

    Also, the PCI compliance for autofil, on our system was defaulted to on, and I had to manually set it to off.

    Lastly, and I’m not too sure if it’s connected with heartbleed, but our system is showing an access denied on cached SSL, which external testing also shows a failure for SSL caching, stating id are available but not recognised.

    Does anyone also have this issue

    If it helps, we updated our OpenSSL and restarted, rekeyed all our SSL and installed, test showed ocsp failure, so I update to release channel, and that’s when the SSL cache error happened. The ocsp error was not present this morning but ocsp is usually a CA issue, where we have no control over. So the only remaining issue is SSL cache.

    Many thanks



    I hope you don’t mind, but I have been looking into my issue on Session resumption caching, and I believe I have now resolved it.

    It may perhaps be a small issue reintroduced as it is a permission issue, which was corrected a few years ago (, and my error was :

    Session resumpttion (caching) No (IDs assigned but not accepted)

    and shown in error logs:

    [Fri Apr 18 08:56:51 2014] [error] (13)Permission denied: Cannot open SSLSessionCache DBM file `/etc/httpd/logs/ssl_scache’ for writing (store)

    To correct this, I did the following:

    ls -ld /var/log/httpd/
    drwx------. 2 root root 4096 Apr 18 09:56 /var/log/httpd/
    chmod 711 /var/log/httpd/
    ls -ld /var/log/httpd/
    drwx–x--x. 2 root root 4096 Apr 18 09:56 /var/log/httpd/

    I restarted httpd and tested, and the issue is no longer present.

    I hope this helps, and sorry if I am wrong.

    Many thanks



    Same with me, and also solved with your suggestion.

    Thanks for sharing.