Version 5.0.14 is a large bug fix release, and it is now live on the beta channel! If you’d like to try it out on your system, change the update repository on your system to Beta (http://www.interworx.com/software-channels/).
Below is a summary of the changes included in 5.0.14 build 577:
Security:
- Changed default password hashing algorithm to more secure bcrypt for InterWorx logins.
- Updated php-iworx to 5.3.28, fixing CVE-2013-4073 and CVE-2013-6420
- Fixed an issue with a possible SQL Injection vector in Payloads - thanks to Eric Flokstra
- NodeWorx users may now enter an optional message when suspending a SiteWorx account
- API functions to detect VPS environments
- Added the ability to edit existing scheduled backups
- Made the default interworx webserver redirect configurable via iworx.ini: [iworx] index="/nodeworx/index"
- Upgraded APF to 1.7.5
- Added second-level-quota notifications during InterWorx install on OpenVZ, etc
- Increased the maximum qmail process concurrency that is configurable, from 120 to 255
- For PCI compliance requests, the InterWorx login pages can now be configured as no-autofill, so browsers won't save the logins. Configuration is in NodeWorx > Server > Settings. Off by default
- Djbdns RPM now does not start services on update, unless it needs to
- Added support for relative (../) and homedir (~/) paths in InterWorx CLI commands
- Minor interface cleanups on the heliotrope theme login page
- New httpd package compiled for support with prefork and worker mpms
- Improved InterWorx license expiration messages
- Updated SimpleScripts plugin configuration to reflect changes made to their service. Specifically, the removal of "new web host" accounts
- Added support for "d.0.c.b.a.in-addr.apra" subdelegation format in DNS Record interfaces
- Fixed an issue with importing e-mail boxes from cpanel with extra-long hashed passwords
- Significant DirectAdmin importer improvements. The importer now: [LIST]
- imports email groups
- recognizes email box copy-to
- recognizes vacation responders
- recognizes domain local delivery status
- imports email auto-responders
- recognizes existing quotas for groups and auto-responders
- VPS InterWorx Licenses are not permitted use Load Balanced Cluster functionality - made this requirement explicit
- Due to incompatibility issues, OpenVZ/Virtuozzo platform is now blocked from accessing Clustering functionality
- Fixed an issue during install wherein APF could incorrectly detect the presence of a monokernel, breaking FTP
- Fixed "Not logged in" error when trying to use the password generator in SiteWorx
- Fixed an issue with theme debugging causing broken HTML output
- Fixed Bug: unable to control system services on cluster nodes
- Fixed an issue with pointer domain redirect configuration not being cascaded to nodes
- Fixed an issue with VIPs not being properly unbound from cluster nodes when IPs are removed from the cluster, in certain cases
- Local e-mail relaying via IPv6 localhost now enabled by default, same as it was before for IPv4
- Prevented adding email boxes when local delivery is off
- Disabled webmail when an account has local delivery disabled
- Fixed an issue with the command queue when a SiteWorx account has moved to a reseller with lower limits
- Fixed an issue with opening already-open firewall ports on cluster nodes bring down the command queue
- Improved command-queue resiliency regarding the IP Management: Default Sites settings
- Prevented a situation that allowed deleting VIPs on a cluster node
- Modified the problem detector email to be more clear about hostnames on cluster nodes
- Fixed an issue with cluster node adding reporting failure occasionally, until the cluster node page was refreshed
- Fixed an issue with certain cluster command queue actions being run twice instead of once on nodes
- Removed 35-character hash limitation within email disable function
- Prevented unnecessary redirection when deleting a Siteworx DNS record
- Fixed an issue with theme caching breaking theme syncing in clusters
- Fixed an issue with InterWorx trying to load IP addresses from backup files in /etc/sysconfig/network-scripts
- Fixed an issue with visible HTML code in the System Health page
- Fixed a stacktrace when attempting to edit SPF records in SiteWorx
- Fixed an issue with parent theme fallback when a child theme is missing
- Fixed MySQL server management related to remote MySQL servers.
- Fixed an issue wherein a payload refresh would not honor a user's language setting, reverting to the default instead
- Fixed an issue with the appearance of multi-line inputs with auto-complete
Feel free to discuss this release or ask questions here, but for the serious issues, open a ticket at the support desk.