Skip to content

Releases: cloudpanel-io/cloudpanel-ce

v2.5.0

26 Nov 09:27
Compare
Choose a tag to compare

New

  • PHP 8.4 Support
  • MariaDB 11.4 Support
  • Translations: Hungarian, Slovak, Thai

Bug Fixes

  • #471 username error
  • #476 Shebang incorrect in /usr/bin/clpctl
  • #484 Unexpected brackets at the beginning of files
  • #500 Custom cron commands are not working
  • #505 Web based File Manager does not upload files
  • #511 .well-known directory deleted after certificate renew
  • #527 Unable to login with site user via ssh key when ftp user is created (Thanks to ccMatrix)
  • #530 File permissions revert to 0770 after file modification
  • #535 "Additional Configuration Directives" doesn't allow for spaces in value
  • #540 S3 backup - Region - Middle East (UAE) me-central-1 missing
  • Translation Fixes

Enhancements

  • Added new AWS regions for S3 remote backup

Security

  • Privilege Escalation from clpctlWrapper command (Yell Phone Naing) (HIGH)
  • Privilege Escalation: Site User Access Allows Linux Password Changes (HIGH) (Yell Phone Naing)
  • Server IP disclosure despite using Cloudflare (Yell Phone Naing)

v2.4.2

21 May 15:02
Compare
Choose a tag to compare

New

  • Debian 12 and Ubuntu 24.04 with HTTP/3 Support
  • Node.js 22 LTS Support
  • Translations: Serbian, Georgian

Bug Fixes

v2.4.1

22 Jan 15:11
Compare
Choose a tag to compare

New

  • Translations: Bosnian

Enhancements

  • The issuance of Let's Encrypt certificates is being tested against the staging environment first to avoid rate limit errors
  • The performance of creating sites, especially Node.js sites, has been enhanced

Bug Fixes

Security

  • Vulnerability that allows a user with the lowest privilege to conduct a session hijacking, subsequently gaining unauthorized access to the admin and other user accounts. (Muhammad Aizat, datack.my)

v2.4.0

27 Nov 12:20
Compare
Choose a tag to compare

New

  • PHP 8.3 Support
  • Node.js 20 LTS Support
  • Translations: Danish, Czech

Enhancements

  • The databases are backed up prior to executing remote backup
  • The site settings and vhost are being included in the remote backup file
  • Updated phpMyAdmin to 5.2.1

Bug Fixes

Security

  • File Manager: New file chown issue (CVE-2023-43880)
  • File Manager: Zip symlink (BSDTAR) (CVE-2023-43881)
  • Command Injection (Yell Phone Naing)

v2.3.2

21 Aug 13:54
Compare
Choose a tag to compare

New

  • Translation: Koran, Persian

Enhancements

  • Vietnamese, Chinese Translation
  • RTL stylesheet improvements

Security

v2.3.1

20 Jun 08:03
Compare
Choose a tag to compare

Bug Fixes

Security

  • Critical (CVE-2023-35885): Insecure file manager cookie authentication (Muhammad Aizat, datack.my)
  • Insecure File Upload leads to Privilege Escalation and Authentication Bypass (Muhammad Zulfiqar)

v2.3.0

06 Jun 07:19
Compare
Choose a tag to compare

New

  • Translations: Bulgarian
  • New CloudPanel CLI Root Commands:
    • User:
      • user:add
      • user:delete
      • user:list
    • Site:
    • site:install:certificate

Enhancements

  • The site user name and password can be entered manually for new WordPress sites.

Bug Fixes

Security

  • Critical (CVE-2023-33747): Privilege Escalation to root from user, big thanks to Muhammad (datack.my, host.sabily.info) for reporting and testing
  • OS Command Injection, big thanks to Laurence from crowdsec.net for reporting and testing

v2.2.2

03 Apr 12:33
3e154cf
Compare
Choose a tag to compare

New

  • MariaDB 10.11 LTS Support
  • Hebrew
  • Japanese

Bug Fixes

v2.2.1

28 Feb 17:21
3e154cf
Compare
Choose a tag to compare

v2.2.0

08 Dec 14:44
3e154cf
Compare
Choose a tag to compare