Version 1.665

Released: 2024-07-11

New API for phpMyAdmin SSO new

New API endpoints for performing automatic log-in into phpMyAdmin are added:

  • A call to POST /api/phpmyadmin-sso/account-access returns an URL to log into phpMyAdmin with access to all user databases.
  • A call to POST /api/phpmyadmin-sso/database-access/{database} returns an URL to log into phpMyAdmin with access to a single database.

The response from the new API endpoints is simpler and includes a full URL without the need to construct it from multiple fields.

The old API endpoint /CMD_PMA_LOGIN still works for backwards compatibility.

Visible temporary DB users new

Some database operations require a temporary user to be created (for example importing a backup or accessing the database via phpMyAdmin direct login). These accounts are automatically removed when they are no longer needed.

Temporary database user accounts use the {username}__{random} name pattern. The double underscore __ symbol ensures they do not clash with normal user accounts. This new naming convention makes it easier to see which DirectAdmin user account owns the temporary database user account.

Support for MariaDB 11.4 custombuild new

CustomBuild is extended to support installing MariaDB 11.4.

This version of MariaDB started migration of CLI tools and commands from the ones having mysql in its name (for example mysql, mysqld, mysqldump, mysqladmin, etc.) to new names using mariadb (for example mariadb, mariadbd, mariadb-dump, mariadb-admin, etc.). Using old commands still works but a warning is shown hinting a new name should be used.

Removal script for dovecot fts-xapian plugin custombuild new

CustomBuild now supports removing fts-xapian plugin. This plugin can consume substantial amount of disk space for mail box search indexes. Removing only the plugin manually would leave no longer used index files inside mailbox directories. Removing this plugin via CustomBuild will remove the index files as well.

Note: in the upcoming Dovecot version 2.4 fts-xapian plugin will most likely be superseded by the dovecot fts-flatcurve plugin.

More reliable database backup operations improved

Database backups (part of the full user account backup) will be created in a more reliable way. Notable changes:

  • Routines and functions will always be included in the backup.
  • Multiple database user accounts can have different access hosts.
  • The backup format is extended to store the authentication plugin name to ensure future compatibility with new authentication plugins.

In earlier versions, all single database users were forced to use the same access hosts. The improvements in backup logic allow the configuration option mysqldump_routines to be removed completely.

No excessive output in da config-set command improved

CLI command da config-set no longer prints anything when configuration is updated successfully.

Older versions used to repeat configuration key and value to standard output. This often produces unexpected extra output when used in scripts.

Allow 2FA "Trust this device" feature to be used with multiple users improved

Using two-factor authentication at the log-in screen, there is an option to trust this device for some time. It avoids asking for the 2FA challenge again when the same device is used.

This feature used to allow remembering only the last used user accounts on a single device.

The feature is extended to support trusting a single device to be used for multiple user accounts.

Dovecot install script custombuild improved

CustomBuild scripts for installing dovecot and related plugins received an update. Key changes:

  • Sources will be cached in not re-downloaded when rebuilding same version of the software.
  • Sources will be downloaded directly from the upstream repositories.
  • A new CustomBuild option dovecot_fts=yes|no is added. When enabled, dovecot will be built with full text search support (using fts-xapian plugin). When disabled will offer an option to remove fts-xapian plugin.
  • Command for building fts-xapian dovecot plugin is changed from da build fts-xapian to da build dovecot_fts_xapian. Old command will continue to work to stay for compatibility reasons.
  • Command for building pigeonhole dovecot plugin is changed from da build pigeonhole to da build dovecot_pigeonhole. Old command will continue to work as well.
  • Dovecot plugins in the versions.txt file is renamed from pigeongole23 to dovecot-pigeonhole and from fts-xapian to dovecot-fts-xapian.
  • Dovecot pigeonhole plugin default configuration is simplified by removing sieve_default and sieve_global options. Options were not used by DirectAdmin. If needed options can be added back by customising the custombuild/configure/dovecot/conf.d/90-sieve.conf file.

phpMyAdmin install script custombuild improved

CustomBuild script for installing phpMyAdmin received an update. Key changes:

  • Sources will be downloaded and cached. Reinstalling the same version will use cached data.
  • Sources will be downloaded from the upstream repositories. This allows using custom version without waiting for files to be hosted on our mirror servers.
  • Old phpMyAdmin versions 4.x is no longer supported.
  • Rebuilding phpMyAdmin will always create a fresh installation without reusing data from the previous installation.

Ensure epel repository is enabled custombuild improved

Prior to installing any packages on RHEL based systems, CustomBuild will make sure epel repository is not only installed but also enabled. Keeping epel repository always enabled is recommended to receive package updates in a timely manner.

Software version changes custombuild improved

  • MariaDB 11.4 added with 11.4.2 version
  • dovecot-fts-xapian updated from 1.5.5 to 1.7.14
  • litespeed updated from 6.2.2 to 6.3
  • phalcon5 updated from 5.7.0 to 5.8.0
  • composer updated from 2.7.6 to 2.7.7
  • xapian-core updated from 1.4.22 to 1.4.25
  • MySQL 8.0 updated from 8.0.37 to 8.0.38
  • MySQL 8.4 updated from 8.4.0 to 8.4.1
  • lego updated from 4.14.2-SNAPSHOT-cd63b325 to 4.17.4-SNAPSHOT-8164e09c
  • apache2.4 updated from 2.4.59 to 2.4.62
  • imagemagick updated from 7.1.1-33 to 7.1.1-34
  • ioncube_loaders updated from 13.0.4 to 13.3.0
  • PHP 8.3 updated from 8.3.8 to 8.3.9
  • PHP 8.2 updated from 8.2.20 to 8.2.21
  • modsecurity_owasp_rules updated from 4.3.0 to 4.4.0
  • exim updated from 4.97.1 to 4.98

Note: some software components in versions.txt file now uses different names:

  • phpmyadmin5 is renamed to phpmyadmin, version value no longer includes the -all-languages suffix.
  • pigeonhole23 is renamed to dovecot-pigeonhole
  • fts-xapian is renamed to dovecot-fts-xapian

Updated GRUB configuration logic custombuild improved

CustomBuild has a command to detect and add missing kernel parameters to the GRUB configuration. This is done with da build grubconfig command.

This command is extended to work correctly on RHEL 9 based systems. It required passing extra --update-bls-cmdline parameter to apply new options to all the kernels.

Required kernel parameter detection is now improved to more accurately detect missing options and avoid extra options which are already enabled by default on modern systems.

GRUB configuration file detection is limited to /boot/grub* directories instead of the whole /boot directory. This change avoids updating grub configuration files in ESP partition. On Debian based systems with UEFI a manual call to grub-install can be used to recreate /boot/efi/EFI/debian/grub.conf if file is not up to date.

Improved WordPress instances list page evolution improved

In this release, we've made the WordPress instances list page more user-friendly and more visually appealing with key differences:

  • When there's an error with a WordPress configuration, we now highlight the affected database row and display the error message directly below it. This is a change from the old method where databases with issues were placed in a separate table.
  • Eliminated the use of dialog boxes for certain actions, moving to a more integrated approach with Configure Auto Update and Manage Database Configurations.
  • The Configure Auto Update feature has been integrated into the page as an expandable table row, making it easier to access without leaving the context of the list.
  • The Manage Database Configurations option has been given its own dedicated page.

Pending WordPress instancesPending WordPress instances

Installed WordPress instancesInstalled WordPress instances

Manage Database Configurations pageManage Database Configurations

Prevent trailing spaces when creating a new file or folder in File Manager evolution improved

A new validation rule was added to prevent accidental trailing spaces from being inputed when creating files or folders in File Manager.

Apply date format customisation to user and reseller level statistics widgets evolution improved

User and reseller statistics widgets now display "Active Since" date in the format that's been customised in skin options.

Incorrect file contents representation with non-ASCII symbols in Enhanced skin fixed

Some places in the Enhanced skin (for example showing the comment of the user account, listing configuration file contents, etc.) used to incorrectly escape non-ASCII symbols.

The bug is fixed, and file contents will be shown as they are stored on the file system.

Allow domain pointer MX records to be edited evolution fixed

Within user level DNS page (Account Manager -> DNS Management) editing domain pointer's MX records no longer throws validation errors when it shouldn't.

Prevent any more api requests after disabling auto reload evolution fixed

Tables that have auto reload feature now no longer runs api requests once "Disable Auto Reload" is selected. Previously if an api requests was being executed as the button was pressed, the button did not actually prevent any more api requests from running.

An example of this can be seen in the Process Monitor page (Admin Tools -> Process Monitor). Click on the little blue clock icon, wait for an api request to be executed and while it's working click "Disable Auto Reload".

Display all subscribers in mailing list evolution improved fixed

Within mailing list view page (accessible by going to E-mail Manager -> Mailing Lists -> and then clicking any mailing list name in the table) the subscriber table previously displayed a limited number of subscribers. If within a different page user had set another similar looking table to display (for example) 10 items per page, the mailing list page would also display only 10 items, without options to change the number of subscribers shown per page or ability to navigate through table pages.

The old table has been replaced and pagination completely removed. Now all subscribers are displayed within the table and a filter at the top of the table has been added which allows quick lookup based on e-mail.

In addition to that the following changes/fixes have been made:

  • adding an email address to regular or digest list, automatically switches user to that tab
  • switching domains while already inside the page no longer breaks api requests

Example of what the page now looks like is given below:

Mailing List View Page

Don't allow special characters for login key names evolution fixed

When creating login keys (available in Advanced Features -> Login Keys -> Create Key page) users can no longer attempt to create login keys that have special characters in them (punctuation marks, spaces, etc...).

Remove validation for cron job email address evolution fixed

It is no longer impossible to leave email address input as blank (go to user level -> Advanced Features -> Cron Jobs -> Send All Cron Output to E-mail). This means users can now prevent mail from being sent out to the previously set email address.

Allow multiple email addresses to be added to mailing list with a single input evolution fixed

Multiple email addreses can once again be added at once (accessible by going to E-mail Manager -> Mailing Lists -> clicking any mailing list name in the table -> Add Subscriber).

Email addresses have to be separated by a comma. For example: "example1@example.com, example2@example.com". A tooltip has also been added which explains this.

Previously "Profile Setup" link (present in "Your Account" widget within user or reseller levels) redirected to user statistics page. It now redirects to user profile page.

Patch for AWStats 7.9 to fix infinite loop fixed

AWStats version 7.9 sometimes can cause stats processing to hang with infinite loop. The issue has been reported and fixedopen in new window in the upstream but will not be available until next the AWStats release. AWStats release cycles are quite slow, so a hot-fix from upstream is added as a patch in CustomBuild to make it available for everyone until the next version is released.

Rebuilding AWStats with the da build awstats command will apply the patch.

Note: It will not be reported as an available update because the version number stays the same.

Allow DB passwords with special symbols in script backup_roundcube.php fixed

Script file scripts/backup_roundcube.php is used to backup Roundcube related data from the database into an XML file. It reads database credentials from conf/mysql.conf file. The script would not correctly detect the DB password if it contained special symbols like ;.

The script is updated to parse the file in the same way as the DirectAdmin service. This allows using any symbols in the DB password.

Escape sequences in cronjobs imported from cPanel fixed

A tool for importing user accounts from cPanel servers is updated to correctly import cronjobs that have back-clash escape sequences.

Previous versions would omit the backslashes during import.

Ignore outside of home directory FTP accounts imported from cPanel fixed

An import from the cPanel server will automatically exclude the FTP accounts, which are configured to serve files from outside of the user home directory.

Prior to this change, such FTP accounts could block the import task.

Extracting files that start with dashes from archives in FileManager fixed

FileManager is fixed to properly handle adding and extracting files to a ZIP archive that have names starting with with - symbol.

Deprecate /CMD_LOGIN?json=yes removed

Sending login requests to POST /CMD_LOGIN?json=yes (in JSON format) is deprecated. The new API endpoint POST /api/login should be used instead.

Normal HTML form post requests are not affected by this change.

To help with gradual transition starting this release 1/10 of the requests to /CMD_LOGIN using JSON will start failing with an error message explaining that new API should be used instead.

In future releases CMD_LOGIN will no longer return json response at all and should be used exclusively with HTML forms.

Configuration option old_public_html_link is removed from directadmin.conf. old_public_html_link was used for demo accounts do switch ~/public_html from being a symlink to users default domain, to being a directory of symlinks to all domains.

Now users ~/public_html will always be a symlink to users default domain.

Removed the docsroot option in user configuration removed

In user configuration, the surplus docsroot option is removed in favor skin option. This change completely removes non-system skins.

All users using non-system skin will get switched to default system skin.

Removed the allow_admin_login_as_to_reseller_skin configuration option removed

Configuration option allow_admin_login_as_to_reseller_skin is removed from directadmin.conf. This option become obsolete due to removal of non-system skin.

Removed the mysqldump_routines configuration option from directadmin.conf removed

The option mysqldump_routines is no longer needed. A new database backup code will always include routines and functions in the backups.

Removed support for security questions removed

From this release security questions will no longer work.

Removed endpoints:

  • CMD_SECURITY_QUESTIONS
  • CMD_API_SECUIRTY_QUESTIONS
  • CMD_ASK_SECURITY_QUESTION

Removed configuration options from directadmin.conf:

  • security_questions
  • max_security_question_attempts
  • block_ip_after_failed_security_questions

Api endpoints changed :

  • /api/session: configFeatures.securityQuestions
  • /api/session/user-config and /api/users/{username}/config: securityQuestions
  • /api/login no longer accepts SecurityQuestion field an will no longer return LoginFailedSecQuestionsResponse error.

Removed the database_system_users taskq action removed

Handler of action=rewrite&value=database_system_users dataskq action is removed.

This action was introduced in DirectAdmin 1.62.8.

Using same user name and password for database account as main DirectAdmin account is discouraged.

Removed some built-in widgets in Evolution skin evolution removed

The following widgets were removed from Evolution skin:

  • Admin level widgets - WGT_SYSTEM_INFO, WGT_LICENSE, WGT_UPDATES, WGT_IP_MANAGER.
  • Reseller level widgets - WGT_SYSTEM_INFO, WGT_IP_CONFIG.
  • User level widgets - WGT_DB, WGT_SYSTEM_INFO, WGT_EMAIL_POP.

The motivation for widgets removal is to avoid duplicating the same information in the widget area that is already available on a separate page. The widget area is too small to fit this amount of information.

We are planning to upgrade widgets to only show summaries or aggregate data instead of trying to list all the information already available on dedicated pages.

Last Updated: