- dockerManager: add 0001_initial migration (CREATE TABLE IF NOT EXISTS), migrate-and-retry on DB errors, safe error response, fix logging.CyberCPLogFileWriter.writeToFile
- dockerManager/views: listContainersPage fallback HTML with error message if template fails
- dockerManager/viewContainer: improve container log readability (font-size 1rem, color #f1f5f9, line-height 1.6)
- baseTemplate: blockIPAddress also adds ban to firewall BannedIP model so Firewall > Banned IPs shows all
- firewall: getBannedIPs migrate-and-retry on OperationalError/ProgrammingError; install runs migrate firewall
- plogical/upgrade: syncBannedIPsJsonToDb() to sync JSON bans to firewall_bannedips; firewallMigrations() calls it; CyberPanelUpgrade runs firewallMigrations(); someDirectories creates /usr/local/CyberCP/data
- install: explicit migrate firewall after global migrate
Expand mail-domain detection so proxy stays off for:
mail., smtp., imap., pop3., pop., autodiscover., webmail.
(and subdomains containing these). Other A/AAAA/CNAME get proxied by default.
- Return (success, error_msg) from createNONSSLMapEntry instead of 0/1
- Fix logging: use CyberCPLogFileWriter.writeToFile instead of writeToFile
- Match listener block case-insensitively (listener Default / listener default)
- Raise clear ValueError if Default listener block not found in httpd_config.conf
- Propagate actual error messages in createConfigInMainVirtualHostFile and createConfigInMainDomainHostFile
- dnsManager.fixDNSRecordsCloudFlare: track existing_types_by_name;
skip adding A/AAAA when hostname has CNAME (A/AAAA cannot coexist
with CNAME). Clearer docstring.
- dnsUtilities: comment tweak for proxy-capable record types.
- settings.py: read DB password from /etc/cyberpanel/mysqlPassword
when present so panel stays in sync with CLI/install scripts.
- dnsManager.py: include AAAA in record types that get proxied flag on
update (was only A, CNAME); fix HTTP 500 by hardening loadCFKeys and
addDeleteDNSRecordsCloudFlare (safe file read, always pass
domainsList/cfEmail/cfToken to template).
- dnsUtilities.py: A, AAAA and CNAME can be proxied in Cloudflare;
set proxied only for those types; MX, TXT, etc. cannot be proxied.
- Bug: filtering on '::1' in line incorrectly excluded addresses like
2a02:c206:2238:7806::1, so fixDNS() never created AAAA records.
- Fix: use ipaddress.ip_address() and is_loopback/is_link_local so
only actual loopback (::1) and link-local (fe80::) are excluded.
- GetServerIPv6() now returns correct global IPv6 for DNS AAAA records.
- Fix 1: Parse -b/--branch and --mariadb-version with while-loop so only next token is used
(avoids Branch_Name becoming 'v2.5.5-dev --mariadb-version 12.3')
- Fix 2: Default Git_User to master3395 in Pre_Upgrade_Setup_Git_URL (04_git_url, monolithic)
- Fix 3: upgrade.py uses CYBERPANEL_GIT_USER for git clone (default master3395);
export CYBERPANEL_GIT_USER before upgrade.py in 08_main_upgrade and monolithic
- Fix 4: --mariadb-version already supported in 05_repository.sh (MARIADB_VER_REPO)
- firewallUtilities: add closeConnectionsFromIP() using conntrack -D -s IP
- addBannedIP: when IP already banned, close connections and return success message
- Frontend: always call API on Ban IP so backend can close connections; show server message
- Install: add conntrack-tools (RHEL) / conntrack (Debian/Ubuntu) to all install paths
(rhel_deps, debian_deps, install_modules/01_verify_deps, install.py, venvsetup)
- plogical/acl.py: use config.get() for DNS permissions so old ACLs without
deleteZone key do not cause KeyError
- baseTemplate: add deleteZone/addDeleteRecords CSS classes to DNS menu links
for correct permission-based hiding
- system-status.js: fix swapped selectors (deleteZone hides .deleteZone,
addDeleteRecords hides .addDeleteRecords instead of .deleteDatabase)
- versionFetcher: normalize RELEASE_5_2_3 -> 5.2.3 for phpMyAdmin tags
- upgrade: verify tarball size after download; chown lscpd at end of phpMyAdmin install
- install: same glob-based extract + verify; check tarball size
- fix-phpmyadmin.sh: one-off script to install/fix phpMyAdmin on server (404 fix)
- index.html: notification dropdown scroll (list max-height, flex min-height:0), button min-width and contrast, dark text on white for dark mode visibility
- cyberpanel.sh, cyberpanel_upgrade.sh, preUpgrade.sh: default install/upgrade URLs to usmannasir/cyberpanel (keep -r/--repo for fork)
- databases/plogical: AutoLogin, views, phpmyadminsignin updates
Install:
- install.py: in preFlightsChecks.call(), replace missing CyberPanel python
with /usr/bin/python3 and force shell=True so any code path (including
old/cached script) never hits FileNotFoundError.
Upgrade:
- cyberpanel_upgrade.sh: resolve CP_PYTHON (CyberPanel, CyberCP, python3)
before running upgrade.py and configure.py; use it for both.
- plogical/upgrade.py: add _python_for_manage(), use it in GeneralMigrations,
collectstatic, and upgradePip so migrations/collectstatic work when
/usr/local/CyberPanel/bin/python is missing.
- install.py: create venv at /usr/local/CyberCP if missing; add system python3 fallback for migrations; download composer.sh before chmod; remove existing SSH keys before ssh-keygen
- installCyberPanel.py: remove MariaDB-server from dnf exclude before install
- cyberpanel.sh: ensure ports 8090 and 7080 listening after install; final status shows port accessibility
- backupUtilities.py: remove existing cyberpanel keys before ssh-keygen to avoid Overwrite prompt
- plogical/firewallUtilities: fix inverted success/failure (result==1 = success); write blocked_ips.log under CyberCP/data for cyberpanel write access
- plogical/processUtilities: when root, use normalExecutioner return value so executioner reflects actual command success/failure
- firewall/firewallManager: addBannedIP uses FirewallUtilities.blockIP; ACL and all errors return JSON with error_message/error; rollback store if block fails
- baseTemplate/views: blockIPAddress uses FirewallUtilities.blockIP instead of subprocess
- baseTemplate/homePage: inline Ban IP calls /firewall/addBannedIP with ip/reason/duration; show server error in notifications
- baseTemplate/system-status.js: handle string response and show server error_message in success and error callbacks
- Fix delete for domain and Root File Manager: use sudo helper when
lscpd/executioner fails (TOKEN/sendCommand issues)
- Add safe-delete-path and safe-move-path helpers for base64 path handling
- Add ACLManager.isPathInsideHome and isFilePathSafeForShell for path validation
- Fix upload authorization for Root File Manager (domainName empty)
- Harden outputExecutioner result checks to prevent 500 on None
- Update Bootstrap CDN for CSP compatibility
- Improve error display and a11y focus management in modals
- Resolves#1670: files with special characters can be uploaded/deleted
- saveSSHConfigs() now writes only one Port line (was writing one per
existing Port line, causing duplicate Port entries and 'Address
already in use' from sshd)
- Match only actual 'Port N' directive; exclude GatewayPorts and other
lines containing 'Port'
- If no Port line exists in config, append one
Fixes: https://github.com/usmannasir/cyberpanel/issues/1668#issue-3881969535
- install.py: use preFlightsChecks.mariadb_version in mariadb_repo_setup
- venvsetup.sh: prompt for MariaDB 11.8/12.1 in interactive install, pass --mariadb-version to install.py
- cyberpanel_upgrade.sh: add MARIADB_VER (default 11.8), --mariadb-version arg, interactive prompt, write /etc/cyberpanel/mariadb_version, use in MariaDB.repo
- plogical/upgrade.py: read mariadb_version from /etc/cyberpanel/mariadb_version in fix_almalinux9_mariadb(), default 11.8
- Install: add LiteSpeed repo (repo.litespeed.sh), install openlitespeed; keep official binary if >= 1.8.5, else optional custom binary overlay
- Upgrade: add repo, upgrade openlitespeed package; only run installCustomOLSBinaries if version < 1.8.5
- LSWS: fallback to 6.3.4 when API empty in cyberpanel_upgrade.sh and venvsetup.sh; sed lsws-6.0 and lsws-6.3.4 to latest stable
- plogical/upgrade: add_litespeed_repo(), get_installed_ols_version(); install.py: add_litespeed_repo(), get_installed_ols_version()
Only files that match current live server; excludes settings.py (deployment-specific), pluginHolder/pluginInstaller (repo ahead), install/cyberpanel scripts (diff), and deleted static files (still on server).
- Add CyberCPLogFileWriter.get_current_timestamp() for errorSanitizer (fixes 500 logging)
- After upgrade/install: fetch meta.xml from raw GitHub and overwrite installed file so
store version (e.g. 1.1.0) is correct even when archive ZIP is cached/stale
- Upgrade/install: discover ZIP top-level folder and match plugin folder case-insensitively
- Improves redisManager/memcacheManager upgrade and all store installs
- Enhanced MariaDB-server-compat package removal with multiple aggressive attempts
- Added --allowerasing and dnf exclude to prevent compat package conflicts
- Added MariaDB binary verification before password change
- Added service status verification and wait time
- Improved error handling and graceful failure
- Fixed FileNotFoundError when mysql command not found
Fixes:
- MariaDB-server-compat-12.1.2-1.el9.noarch conflict with MariaDB 10.11
- mysql command not found after failed installation
- Installation proceeding when MariaDB wasn't actually installed
- install_utils.call: use shell=True for commands with ||, 2>, |, etc.
Avoids 'No matching repo to modify: 2>/dev/null, true, ||' when
dnf config-manager '... 2>/dev/null || true' is run via shlex.split.
- Add explicit 'rpm -e --nodeps MariaDB-server-compat-12.1.2-1.el9.noarch'
before dnf remove in main(), installMySQL, fix_almalinux9_comprehensive.
- upgrade fix_almalinux9_mariadb: add compat removal before MariaDB install;
use MariaDB 10.11 repo instead of 12.1 to avoid compat conflicts.
- Updated fallback version in versionFetcher.py to 5.2.3
- Updated fallback version in upgrade.py to 5.2.3
- Uses latest stable phpMyAdmin version (released 2025-10-08)
- Reference: https://www.phpmyadmin.net/files/5.2.3/
- Updated phpmyadminsignin.php to accept token and username via both GET and POST
- Fixes issue where phpMyAdmin access fails when accessed with GET parameters
- Maintains backward compatibility with existing POST-based authentication
- Resolves 404 error when accessing phpMyAdmin via CyberPanel interface
- Added migrateRainloopToSnappymail() function to automatically migrate email data
- Migrates from /usr/local/lscp/cyberpanel/rainloop/data to /usr/local/lscp/cyberpanel/snappymail/data
- Uses rsync to preserve permissions and ownership
- Updates include.php files to use new snappymail path
- Includes safety checks to prevent data overwriting
- Added migration logic to cyberpanel_upgrade.sh
- Updated default paths from rainloop to snappymail
- Deprecates rainloop folder in 2.5.5-dev
- Fixed perHostDomainConf() to replace {virtualHostName} placeholder in olsChildConf template
- Updated lswsChildConf template to use master domain log directory
- Updated lswsRediConfChild and lswsRediConfChildWWW templates to use master domain log directory
- Added automatic log directory and log file creation for child domains during creation
- Log files are now created at /home/{masterDomain}/logs/{childDomain}.{access|error}_log
- Ensures all newly created sub-domains automatically have separate log files from the start
This permanent fix ensures that when child domains are created:
1. VHost config uses correct log paths pointing to master domain's log directory
2. Log directory is created if it doesn't exist
3. Separate log files are created for each child domain with proper permissions
4. Works for both OpenLiteSpeed (OLS) and LiteSpeed Enterprise (LSWS) configurations
Fixes the root cause so all future child domain creations will have correct log configuration automatically.
- Always download compatible ModSecurity binary after installation
- Removes conditional check for custom_ols_marker
- Fixes undefined symbol: mdb_env_create error
- Prevents OpenLiteSpeed crashes with SIGSEGV signal 11
- Compatible with Ubuntu 24.04, RHEL 8/9, Debian 11/12
The fix ensures that compatible ModSecurity binaries (built without
LMDB dependency or with LMDB statically linked) are always used,
preventing the runtime symbol lookup errors that cause crashes.
Related: https://github.com/usmannasir/cyberpanel/issues/1626
- Fixed bug where regular users (UserACL) cannot create websites
- Changed UserACL createWebsite permission from 0 to 1
- Also enabled modifyWebsite and deleteWebsite for consistency
- Resolves issue where non-admin/reseller users were blocked from creating websites
Related changes:
- UserACL: createWebsite: 0 -> 1
- UserACL: modifyWebsite: 0 -> 1
- UserACL: deleteWebsite: 0 -> 1
- suspendWebsite remains 0 (admin-only feature)
This allows regular users to create, modify, and delete their own websites
while maintaining proper ownership checks and security controls.
- Fixed CloudFlare proxy toggle button to display as oblong with round dot
- Enable CloudFlare proxy by default for all domains/subdomains except mail domains
- Automatically add AAAA (IPv6) DNS records when creating domains/subdomains
- Added GetServerIPv6() function to retrieve server IPv6 address
- Updated DNS template styling and Angular.js binding for toggle buttons
- Filter domain dropdown to show only main domains (exclude sub-domains)
- Add automatic CloudFlare DNS record deletion when domains/sub-domains are removed
- Improve DNS Records table display to match SSH Logins/Logs table styling
- Add loading states and proper table structure with ng-if conditions
- Update CSS to match activity-table styling with sticky headers
