0.3.5

Released on November 08, 2024

🚀 New features​

• Email notifications for OpenPanel users.
• Option to change password for email accounts, set quota, suspend incoming/outgoing emails from the 'OpenPanel > Emails' page.
• Users can now view and terminate active sessions for their account from the 'OpenPanel > Account > Active Sessions' page.
• Administrators can now set rate limiting and blocking limits for both OpenPanel and OpenAdmin login pages.
• Administrators can now set session duration for OpenPanel users.
• Administrators can now create a custom template to be displayed on domains without any content.
• New command opencli admin logs is available for multitail all OpenAdmin services logs.
• Error IDs to help administrators trace OpenPanel errors with the new command opencli error.
• opencli domais-delete command.

️🚨 Security fixes​

• Insecure Permission Modification via Fix Permission Function – vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to access other files outside of the /home/username/ directory within the user's container.
• Remote Code Execution via Fix Permission – vulnerability in 'OpenPanel > Files > Fix Permissions' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
• Remote Code Execution via Change Time Zone – vulnerability in 'OpenPanel > Server > Change TimeZone' allowed an attacker to execute commands inside the OpenPanel UI container which is accessible to all users.
• Unauthorized File Access via Copy Function – vulnerability in 'copy' function on the 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
• Unauthorized File Access via Compress Function – vulnerability in 'compress' function on the 'OpenPanel > File Manager' page allowed an attacker to compress files from the OpenPanel UI container.
• Unauthorized File Access – vulnerability in the url parsing on 'OpenPanel > File Manager' page allowed an attacker to access files from the OpenPanel UI container.
• Unauthorized File Access via Download Function – vulnerability in 'download' function on the 'OpenPanel > File Manager' page allowed an attacker to download files from the OpenPanel UI container.
• Unauthorized File Access via View Function – path traversal vulnerability in 'view file' function on the 'OpenPanel > File Manager' page allowed an attacker to manipulate the file path and view files from the OpenPanel UI container.

🐛 Bug fixes​

• Password reset for openpanel users does not end all active sessions on that user #66
• Error when changing email settings #208
• phpmyadmin gives token error #265
• Weird error when I add domain #266
• 'Supplied non-number argument' error when creating emails #268
• _mysql_connector.MySQLInterfaceError: MySQL server has gone away #269
• [Errno 2] No such file or directory: '/etc/openpanel/clamav/domains.list' #271
• Bug with install script on Debian12 Hetzner ISO.

💅 Polish​

• Python version for OpenPanel is updated from 3.10 to 3.12.
• Inline documentation for every page on OpenAdmin interface.
• opencli user-login will now display list of users to select and autocomplete username.
• Optimized openpanel/openpanel:latest docker image.
• git and apparmor are now installed automatically on Debian12.
• Email and FTP accounts for use are now deleted when OpenPanel user is terminated.
• Email folders are now automatically created for new domains.
• SSL, DNS, Proxy settings, blocked IPs, ClamAV settings and websites are now automatically deleted when domain is removed.
• Terms no longer need to be accepted for new installations.