- Added Modify Date column to both Table View and Plugin Store
- Implemented GitHub API integration to fetch last commit dates
- Added caching system for plugin store to prevent rate limit errors
- Enhanced plugin store with installed/enabled status enrichment
- Added comprehensive plugin development guide
- Updated testPlugin meta.xml author to usmannasir
- Added migrateRainloopToSnappymail() function to automatically migrate email data
- Migrates from /usr/local/lscp/cyberpanel/rainloop/data to /usr/local/lscp/cyberpanel/snappymail/data
- Uses rsync to preserve permissions and ownership
- Updates include.php files to use new snappymail path
- Includes safety checks to prevent data overwriting
- Added migration logic to cyberpanel_upgrade.sh
- Updated default paths from rainloop to snappymail
- Deprecates rainloop folder in 2.5.5-dev
- Remove auto-refresh timeout (3 seconds) from topProcesses page
- Add manual refresh button in page header
- Fix double percentage signs (%% -> %) in CPU Time Distribution
- Remove duplicate serverStatus.js script loading in footer_scripts block
Changes:
- Removed $timeout($scope.topProcessesStatus, 3000) from serverStatus.js
- Removed extra % sign from template (backend already includes % in values)
- Added refresh button with loading state indicator
- Removed {% load user_filters %} which is not needed in v2.4.4
- Removed Home Directory selection section (not in v2.4.4)
- Changed securityLevels to use direct Django template rendering instead of JSON encoding
- Template now matches GitHub v2.4.4 exactly
- Fixed timestamp parsing to combine fields 3 and 4 (timestamp can be split across fields)
- Fixed resource path parsing to handle query parameters (path may span multiple fields)
- Fixed size extraction to use field 9 instead of field 8 (size comes after status code)
- Resource path now correctly reconstructed until HTTP/version field is found
- Removed fallback logic that was reading from master domain log file when child domain log file was empty
- This was causing cross-contamination - showing API logs when viewing cmstest logs
- Now only reads from the specific domain's log file as determined by _get_log_file_path()
- Fixed log parsing to correctly extract resource path (field 5) and size (field 8)
- Log format doesn't include domain name, so domain is determined by which log file is read
The issue was that when cmstest log file was old/empty, the code was falling back to
reading from newstargeted.com.access_log which contained logs from all sub-domains,
causing API logs to appear when viewing cmstest logs.
- Added domain filtering in getDataFromLogFile() to only show log entries for the requested domain
- Handles cases where vhost config hasn't been updated and multiple sub-domains log to the same file
- Filters out entries from other domains even if they're in the same log file
- Added error handling for malformed log entries
- Added fallback to master domain log file if child domain log file doesn't exist or is empty
This ensures that when viewing logs for a sub-domain, only that sub-domain's logs are displayed,
even if the vhost configuration still points to the master domain's log file (which needs to be fixed separately).
- Fixed perHostDomainConf() to replace {virtualHostName} placeholder in olsChildConf template
- Updated lswsChildConf template to use master domain log directory
- Updated lswsRediConfChild and lswsRediConfChildWWW templates to use master domain log directory
- Added automatic log directory and log file creation for child domains during creation
- Log files are now created at /home/{masterDomain}/logs/{childDomain}.{access|error}_log
- Ensures all newly created sub-domains automatically have separate log files from the start
This permanent fix ensures that when child domains are created:
1. VHost config uses correct log paths pointing to master domain's log directory
2. Log directory is created if it doesn't exist
3. Separate log files are created for each child domain with proper permissions
4. Works for both OpenLiteSpeed (OLS) and LiteSpeed Enterprise (LSWS) configurations
Fixes the root cause so all future child domain creations will have correct log configuration automatically.
- Added _get_log_file_path() helper method to correctly determine log file paths
- For child domains (sub-domains), logs are stored in master domain's log directory
- Updated getDataFromLogFile() and fetchErrorLogs() to use the helper method
- Fixes issue where sub-domain logs couldn't be viewed in CyberPanel UI
- Logs are now correctly located at /home/{master_domain}/logs/{subdomain}.{access|error}_log
This resolves the bug where viewing logs for sub-domains would fail because
the code was looking for logs in /home/{subdomain}/logs/ instead of the
correct location /home/{master_domain}/logs/{subdomain}.{access|error}_log
- Always download compatible ModSecurity binary after installation
- Removes conditional check for custom_ols_marker
- Fixes undefined symbol: mdb_env_create error
- Prevents OpenLiteSpeed crashes with SIGSEGV signal 11
- Compatible with Ubuntu 24.04, RHEL 8/9, Debian 11/12
The fix ensures that compatible ModSecurity binaries (built without
LMDB dependency or with LMDB statically linked) are always used,
preventing the runtime symbol lookup errors that cause crashes.
Related: https://github.com/usmannasir/cyberpanel/issues/1626
- Changed from incorrect URI splitting to proper request.GET.get() method
- Added proper URL decoding with unquote()
- Fixed both downloadFile and RootDownloadFile functions
- Added path normalization for additional security
- Added file existence validation
- Improved error messages to match reported error format
This fixes the 'Unauthorized access: Not a valid file' error when downloading files from the file manager.
- Updated pluginHolder/urls.py to use path() instead of url()
- Added new API routes for plugin installation, uninstallation, enable, and disable
- Compatible with Django 4.x (url() was removed in Django 4.0)
Ref: PR 1644
- Fixed bug where regular users (UserACL) cannot create websites
- Changed UserACL createWebsite permission from 0 to 1
- Also enabled modifyWebsite and deleteWebsite for consistency
- Resolves issue where non-admin/reseller users were blocked from creating websites
Related changes:
- UserACL: createWebsite: 0 -> 1
- UserACL: modifyWebsite: 0 -> 1
- UserACL: deleteWebsite: 0 -> 1
- suspendWebsite remains 0 (admin-only feature)
This allows regular users to create, modify, and delete their own websites
while maintaining proper ownership checks and security controls.
- Complete guide for plugin installation and management
- Plugin development guide with code examples
- Plugin structure and requirements documentation
- TestPlugin reference guide
- Best practices and troubleshooting sections
- Author: master3395
- Enhanced plugin installer to properly extract and install plugins
- Added security middleware exception for plugin webhook endpoints
- Improved plugin listing with better error handling
- Added testPlugin as example plugin for CyberPanel plugin system
- Updated INSTALLED_APPS and URL routing for plugins
Author: master3395
- Fixed CloudFlare proxy toggle button to display as oblong with a round dot
- Enable CloudFlare proxy by default for all domains/subdomains except mail domains
- Automatically add AAAA (IPv6) DNS records when creating domains/subdomains
- Added GetServerIPv6() function to retrieve server IPv6 address
- Updated DNS template styling and Angular.js binding for toggle buttons
- Fixed CloudFlare proxy toggle button to display as oblong with round dot
- Enable CloudFlare proxy by default for all domains/subdomains except mail domains
- Automatically add AAAA (IPv6) DNS records when creating domains/subdomains
- Added GetServerIPv6() function to retrieve server IPv6 address
- Updated DNS template styling and Angular.js binding for toggle buttons
