Add install_utils.get_lsphp_install_suffixes() (Alma 9/10+, EL9+,
Ubuntu 24.04+, Debian 13+ use 74–85; older OS keep 71–85).
installCyberPanel.installAllPHPVersions uses the matrix and installs
every listed lsphp on Ubuntu (fixes 74 skipped by slice).
upgrade.get_available_php_versions loads the same helper from install/.
Extend PHP-FPM restart loops to 8.4/8.5 and CloudLinux list to 85.
Clarify /usr/bin/php symlink priority comments in install.py.
Integrates webmail and emailDelivery apps, mail-server and install/upgrade
paths, cyberpanel_ols 2.7.0-style binaries, and v2.4.5 UI patterns while
preserving v2.5.5-dev behavior (SnappyMail/PUBLIC_ROOT, childPath in
launchChild, hardened downloads and SSH activity modal).
installSieve() and setupWebmail() imported from plogical module which
doesn't exist during fresh install (CyberPanel code not yet deployed).
- Replace FirewallUtilities.addSieveFirewallRule() with direct firewall-cmd/ufw calls
- Replace generate_pass() with inline secrets.choice() password generation
lscpd worker runs as user lscpd, not cyberpanel. The webmail.conf file
(containing master user credentials) was unreadable by lscpd, causing
master auth to silently fail and fall back to empty password auth.
Also fix ownership on existing installs during upgrade.
- Replace free text input with folder dropdown for move-to-folder rules
- Auto-prefix INBOX. namespace to folder names in sieve scripts
- Strip INBOX. prefix when parsing sieve scripts back to rules
- Make upgrade setupSieve() regexes more flexible to handle config variations
- Add os.makedirs for conf.d directory in both install and upgrade
- Validate ManageSieve config with both inet_listener and service checks
Install setupWebmail() now creates /etc/cyberpanel dir if missing,
patches dovecot.conf with master passdb block if absent, and skips
gracefully when already configured. Prevents webmail auth failures
on fresh installs where the directory didn't exist yet.
Also adds cybermail_accounts and cybermail_domains CREATE TABLE
statements to upgrade.py applyLoginSystemMigrations() for the
emailDelivery app on existing installs.
Security fixes:
- Escape plain text body to prevent XSS via trustAsHtml
- Add SSRF protection to image proxy (block private IPs, require auth)
- Sanitize Content-Disposition filename to prevent header injection
- Escape Sieve script values to prevent script injection
- Escape IMAP search query to prevent search injection
Install/upgrade fixes:
- Move setupWebmail() call to after Dovecot is installed (was running
before doveadm existed, silently failing on every fresh install)
- Make setupWebmail() a static method callable from install.py
- Fix upgrade idempotency: always run dovecot.conf patching and
migrations even if webmail.conf already exists (partial failure recovery)
Frontend fixes:
- Fix search being a no-op (was ignoring results and just reloading)
- Fix loading spinner stuck forever on API errors (add errback)
- Fix unread count decrementing on already-read messages
- Fix draft auto-save timer leak when navigating away from compose
- Fix composeToContact missing signature and auto-save
- Fix null subject crash in reply/forward
- Clear stale data when switching accounts
- Fix attachment part_id mismatch between parser and downloader
Backend fixes:
- Fix Sieve _read_response infinite loop on connection drop
- Add login check to apiSaveDraft
- Fix apiSSO() resetting selected account to first one on every call,
now preserves previously selected account if still valid
- Fix webmail.conf ownership to use cyberpanel:cyberpanel (Django runs
as cyberpanel user, not nobody)
- Add error notifications when SSO or folder loading fails
Adds master passdb config to dovecot.conf templates, setupWebmail() to
the installer and upgrade paths to generate credentials and create
/etc/dovecot/master-users and /etc/cyberpanel/webmail.conf automatically.
The upgrade path is idempotent and patches existing dovecot.conf if needed.
Rebuilt module fixes NULL pointer dereference in apply_headers() when
OLS generates error responses (4xx/5xx). The get_req_var_by_id() call
for DOC_ROOT crashed because request variables aren't initialized
during error response generation. Fix adds status code guard to skip
header processing for error responses.
New hashes for all 3 platforms after fixing the bug where VHosts with
SSL context but missing listener map entries served the wrong cert.
rhel9: 04921afbad94e7ee69bc93a73985e318df93f28b2b0d578447b0ef43dc6e3818
ubuntu: ae2564742f362d3e34ea814dff37edeb8f8b73ae9ca1484ba78e2453a3987429
rhel8: 855b6bccb4a7893914506a07185cffd834bd31a7f7c080b5b4190283def7fa3e
The previous string replace only matched 'adminEmails root@localhost'
exactly. On fresh OLS installs where adminEmails may have a different value
or different spacing, the replace would silently fail and Auto-SSL config
would never be injected. Use re.sub to match the adminEmails line regardless
of its value.
The string replace matched only 'adminEmails' keyword instead of the
full existing line 'adminEmails root@localhost', causing
the remaining ' root@localhost' to trail onto the acmeEmail
line and break ACME account registration.
Universal binaries with all features config-driven (PHPConfig API, Origin
Header Forwarding, ReadApacheConf with Portmap, Auto-SSL ACME v2,
ModSecurity ABI compatibility). Updates install, upgrade, and modSec paths.
- install.py: create venv at /usr/local/CyberCP if missing; add system python3 fallback for migrations; download composer.sh before chmod; remove existing SSH keys before ssh-keygen
- installCyberPanel.py: remove MariaDB-server from dnf exclude before install
- cyberpanel.sh: ensure ports 8090 and 7080 listening after install; final status shows port accessibility
- backupUtilities.py: remove existing cyberpanel keys before ssh-keygen to avoid Overwrite prompt
- cyberpanel.sh: ask MariaDB version (11.8/12.1) first even in --auto; add --mariadb-version
- install/install.py: remove existing SSH key before ssh-keygen to avoid Overwrite (y/n) prompt
- install/installCyberPanel.py: use MariaDB 11.8 and --nobest for AlmaLinux 9 / cent8 to fix client dependency
- install/installCyberPanel.py: required by venvsetup.sh sed commands
- install/env_generator.py: parity with stable/v2.4.4
No other merges; install paths that run venvsetup.sh will no longer fail.
- Update cyberpanel_ols module URLs to use /binaries/ path structure
- Update SHA256 checksums for all platforms (rhel8, rhel9, ubuntu)
- Enable RHEL 8 module support (was previously disabled)
- Module version 2.2.0 with Phase 2 features
Reduce minimum file size from 1MB to 10KB to allow the module file
(~35KB) to pass validation. The 1MB threshold was too strict and only
appropriate for the main OLS binary. Now displays size in KB or MB
appropriately.
Change download verification to check file existence and size instead of
relying on return code. The wget command succeeds but install_utils.call()
may not return 0. Now verifies downloaded file exists and is at least 1MB.
Integrate custom OLS binaries during installation to enable Apache-style
php_value/php_flag directives in .htaccess files. The installer now:
- Downloads custom OLS binary and module from cyberpanel.net
- Creates backup of existing binaries before replacement
- Installs custom binaries with enhanced .htaccess support
- Configures CyberPanel module in OpenLiteSpeed config
- Gracefully falls back to standard OLS if download fails
- Only installs on x86_64 architecture
Features enabled by custom binaries:
- Apache-style .htaccess support
- php_value and php_flag directives
- Enhanced header control
- Better Apache compatibility
- Integrated OS detection and specific fix application directly into the installation flow, improving compatibility and reducing conflicts.
- Added logging for MariaDB repository setup and verification, ensuring successful addition or warning on potential failures.
- Enhanced the installation of MariaDB for AlmaLinux 9 with improved error handling and service configuration checks.
- Removed the deprecated installCyberPanel.py file, consolidating functionality into the main installation script for better maintainability.
- Added a method to detect OS information for supported platforms (Ubuntu, Debian, AlmaLinux, Rocky, RHEL, CloudLinux, CentOS).
- Introduced methods to check for specific OS types and apply necessary fixes based on detected OS.
- Implemented OS-specific fixes for AlmaLinux 9, including service installations, MySQL GPG key handling, and OpenLiteSpeed setup.
- Enhanced the installation process to apply OS-specific fixes before installing packages, ensuring compatibility and reducing conflicts.
- Added checks to ensure the Python virtual environment is properly set up before running migrations.
- Implemented logic to find the correct Python executable from multiple potential paths.
- Improved MariaDB installation by trying different package combinations for AlmaLinux 9 and checking for service file existence.
- Enhanced service management to handle symlinks and alternative service names for MariaDB.
- Added error handling for missing MySQL/MariaDB client commands and ensured proper cleanup of conflicting service files.
- Improved Git clone reliability by implementing multiple clone methods and a fallback manual download option.
- Added checks to ensure necessary directories exist before cloning and configuring Dovecot.
- Enhanced Dovecot installation logic with multiple command attempts and service management.
- Updated PHP installation process to dynamically create symlinks to the best available PHP version.
- Added error handling for missing configuration files and created basic configurations as fallbacks.
- Ensured firewall setup for Sieve is only attempted if the required module is available.
- Changed package names from 'MariaDB-*' to 'mariadb-*' for consistency across scripts.
- Modified LSMCD service type from 'forking' to 'simple' and added user/group settings in cyberpanel.sh.
- Improved error handling for LSMCD service startup in cyberpanel.sh.
- Fixed Django AutoField warnings in install.py by directly calling the fix function.
- Updated MariaDB repository setup commands in cyberpanel.sh to use double quotes for consistency.
- Added installation of libmemcached dependencies in both cyberpanel.sh and install.py for improved functionality.
- Modified ownership commands in install.py to remove unnecessary redirection for better clarity.
- Introduced a fix for Django AutoField warnings in install.py by adding a DEFAULT_AUTO_FIELD setting.
- Created mbstring configuration for each PHP version in installCyberPanel.py to ensure proper PHP functionality.
- Adjusted PHP version priority in cyberpanel_upgrade.sh and install.py to include PHP 8.5 (beta) as the highest priority.
- Enhanced package installation logic in cyberpanel.sh and installCyberPanel.py to install PHP dependencies more robustly, including error handling for missing packages.
- Updated README.md to reflect the new recommended PHP versions and deprecated versions.
- Improved error handling and dependency management in phpUtilities.py and upgrade.py for better installation reliability.
