Releases: cloudpanel-io/cloudpanel-ce
Releases · cloudpanel-io/cloudpanel-ce
v2.4.2
New
- Debian 12 and Ubuntu 24.04 with HTTP/3 Support
- Node.js 22 LTS Support
- Translations: Serbian, Georgian
Bug Fixes
v2.4.1
New
- Translations: Bosnian
Enhancements
- The issuance of Let's Encrypt certificates is being tested against the staging environment first to avoid rate limit errors
- The performance of creating sites, especially Node.js sites, has been enhanced
Bug Fixes
- #382 phpMyAdmin sorting not working
- #383 Instance Reboot at Admin/Instance/Setting doesn't reboot and block auto login from login pages
- #406 CloudPanel Dashboard doesn't when using the AWS EC2 installer.
- Translation Fixes
Security
- Vulnerability that allows a user with the lowest privilege to conduct a session hijacking, subsequently gaining unauthorized access to the admin and other user accounts. (Muhammad Aizat, datack.my)
v2.4.0
New
- PHP 8.3 Support
- Node.js 20 LTS Support
- Translations: Danish, Czech
Enhancements
- The databases are backed up prior to executing remote backup
- The site settings and vhost are being included in the remote backup file
- Updated phpMyAdmin to 5.2.1
Bug Fixes
- #329 duplicate settings key in file-manager.conf
- #338 The original certificate is not removed when you delete a web application
- #355 Login Page Autocomplete/Password Manager Issue
- #359 When you delete a website the nodejs app started with PM2 is not deleted
- #367 phpMyAdmin basic auth doesn't work when CloudPanel basic auth is enableds
Security
- File Manager: New file chown issue (CVE-2023-43880)
- File Manager: Zip symlink (BSDTAR) (CVE-2023-43881)
- Command Injection (Yell Phone Naing)
v2.3.2
New
- Translation: Koran, Persian
Enhancements
- Vietnamese, Chinese Translation
- RTL stylesheet improvements
Security
- [#298 MySQL Root Password Leak from site user (Thanks to Yell Phone Naing)](#298)
- Critical: Privilege Escalation to root from user (Thanks to Yell Phone Naing)
v2.3.1
Bug Fixes
- #287 Colon in remote cloud backup breaks most filesystems
- #290 File Manager Extract not working since v2.3.0
- #293 Strange \n\n inside the certificate file used for custom domain.
- Translation Fixes
Security
- Critical (CVE-2023-35885): Insecure file manager cookie authentication (Muhammad Aizat, datack.my)
- Insecure File Upload leads to Privilege Escalation and Authentication Bypass (Muhammad Zulfiqar)
v2.3.0
New
- Translations: Bulgarian
- New CloudPanel CLI Root Commands:
- User:
- user:add
- user:delete
- user:list
- Site:
- site:install:certificate
- User:
Enhancements
- The site user name and password can be entered manually for new WordPress sites.
Bug Fixes
- #278 CLI need normalize domain name field
- #284 CLPCTL - Problem with special characters in password result false error
- Translation Fixes
Security
- Critical (CVE-2023-33747): Privilege Escalation to root from user, big thanks to Muhammad (datack.my, host.sabily.info) for reporting and testing
- OS Command Injection, big thanks to Laurence from crowdsec.net for reporting and testing
v2.2.2
New
- MariaDB 10.11 LTS Support
- Hebrew
- Japanese
Bug Fixes
v2.2.1
v2.2.0
v2.1.0
New
Improvements
- Generate Password Link for Site User Password Update
Bug Fixes