1.7.1

Released on November 25, 2025

💅 Polish​

• Changing the default PHP version via OpenPanel > PHP > Default version will now attempt to disable the previous version, provided it’s not used by any other domain.
• Upgraded ConfigServer Firewall & Security to Sentinel Firewall.
• OpenAdmin > Security > Disable OpenAdmin, OpenAdmin > Advanced > Change Root Password and OpenAdmin > Advanced > Terminal are now limited to Super-Admin only.
• Added option to set custom favicon in OpenAdmin > Settings > OpenPanel.
• Removed classes from all input fields on OpenPanel: file:-my-2 file:-ml-2.5 file:cursor-pointer file:rounded-l-[5px] file:rounded-r-none file:border-0 file:px-3 file:py-2 file:outline-none focus:outline-none disabled:pointer-events-none file:disabled:pointer-events-none file:border-solid file:border-gray-300 file:bg-gray-50 file:text-gray-500 file:hover:bg-gray-100 file:dark:border-gray-800 file:dark:bg-gray-950 file:hover:dark:bg-gray-900/20 file:disabled:dark:border-gray-700 file:[border-inline-end-width:1px] file:[margin-inline-end:0.75rem] file:disabled:bg-gray-100 file:disabled:text-gray-500 file:disabled:dark:bg-gray-800.
• Added random session secret keys for both OpenPanel and OpenAdmin UI.
• Added .htaccess templates for WordPress (OpenLitespeed and Apache).
• OpenAdmin > Users > single user page will no longer display error 'str object' has no attribute 'disk_used' if 'quotas' are not installed on the server.
• Improvements to the install script: --no-ssh flag is removed, --post-install` flag can now also contain url to download a bash file before executing it.
• OpenPanel > Advanced > Services will no longer display disabled webservers and mysql type for the user.
• OpenAdmin > Advanced > Process Manager now displays 'sorted by' in page title.
• OpenAdmin > Users > single user > Overview now displays: user ID (UID), home directory, web server type, mysql type, varnish caching.
• Added optional flags: --admin and --cli to opencli update

🚨 Security fixes​

• Remote code execution (RCE)* triggered by specially crafted HTTP requests that manipulate parameters passed to the server-side command wrapper.

🐛 Bug Fixes​

• Changing PHP Version not showing error message #777
• Fixed js bug on OpenAdmin > Users > single user > Services that cause the input fields for CPU and RAM limits to not be editable.
• No option to change SuperAdmin password #791
• Bug in OpenAdmin UI on Password strength indicators - yellow css class missing #793