Version 1.677
Released: 2025-05-19
new
Support for RHEL 10 systemsStarting this release, DirectAdmin can be used on RHEL 10 systems.
Temporary limitations:
- The official
rspamd
repositories do not yet support RHEL 10. Only spamassasin can be used at the moment. - The PHP mcrypt extension is not supported.
new improved
Filemanager upload hookA new hook for filemanager upload is added file_manager_upload_pre.sh
. This hook is a successor of now depreated file_manager_upload_post.sh
hook.
It's a similar hook with a couple key differences:
- New hook acts on a fully uploaded temporary file (not target file)
- If the hook exits with non-zero status, the upload is cancelled and temporary file is removed by DirectAdmin (target file is left untouched)
improved
‼️ Enhanced skin uses UTF-8 encoding by defaultThe Enhanced skin used to use Windows-1252
encoding by default. It was possible to customise the encoding for custom skins by changing the LANG_ENCODING
in data/skins/enhanced/lang/en/lf_standard.html
.
Starting this release, the Enhanced skin will always use UTF-8
as the default content encoding. The LANG_ENCODING
token is removed from page templates.
This means that languages using non-ASCII characters no longer need to customise the LANG_ENCODING
token.
The new encoding is not only used for displaying data but also for sending data. This means any data entered in the input fields will be sent to the server encoded using UTF-8 encoding.
This change can cause compatibility problems on servers that stored some data on the server using the old Windows-1252
encoding and used not only ASCII symbols but also symbols provided by the old encoding.
Examples of content that could be stored on the server still encoded with the Windows-1252
encoding and using non-ASCII symbols:
- User and reseller package names.
- File names created in File Managed.
- User comments.
- Messages sent by users.
To help with the transition to UTF-8 encoding, all User and Reseller package names will be automatically converted from Windows-1252
to UTF-8
when DirectAdmin is updated.
evolution improved
File Manager breadcrumb refactoredThe File Manager's breadcrumb navigation has been refactored for improved usability. Previously, the breadcrumb always displayed a maximum of two elements, regardless of browser width. With this update, the breadcrumb dynamically adjusts to show between 2 and 5 elements based on the available browser width, with additional path segments collapsed under an ellipsis. Overly complex features were removed to simplify usage.
evolution improved
Improved filename validation in File Manager rename dialogThe File Manager's rename dialog now enforces stricter validation for filename's input. It no longer allows slashes or reserved filesystem names such as .
and ..
in the input field.
custombuild improved
Software version changesapr
updated from1.7.5
to1.7.6
composer
updated from2.8.8
to2.8.9
lego
updated from4.22.2-SNAPSHOT-7dfd0734
to4.23.1-SNAPSHOT-02572881
MariaDB 10.5
updated from10.5.28
to10.5.29
MariaDB 10.6
updated from10.6.21
to10.6.22
modsecurity_owasp_rules
updated from4.13.0
to4.14.0
nginx
updated from1.27.5
to1.28.0
phalcon5
updated from5.9.2
to5.9.3
PHP 8.3
updated from8.3.20
to8.3.21
PHP 8.4
updated from8.4.6
to8.4.7
redis
updated from7.2.4
to8.0.1
wp-cli
updated from2.11.0
to2.12.0
custombuild improved
Roundcube installer and customisationsThe Roundcube installation script is updated. The changes make sure Roundcube installation is more reliable, upgrades are less likely to disrupt active Roundcube users, and customisation of Roundcube is simpler.
Key changes:
- Running Roundcube installation again or upgrading Roundcube will no longer change DB credentials. Old versions used to generate new Roundcube DB credentials every time Roundcube was reinstalled.
- Roundcube update (or reinstall) will try and keep the same cookie encryption key. A new key is generated when Roundcube is installed for the first time, and the same key is reused when Roundcube is upgraded. This change ensures any existing user sessions will not get disrupted after the Roundcube upgrade.
- The default Roundcube configuration file can be customised in the same way as in previous versions, by creating the custom configuration file in
./custombuild/custom/roundcube/config.inc.php
. However, the default configuration used by CustomBuild is now exposed in the file./custombuild/configure/roundcube/config.inc.php
. It makes it easier to know this file is customisable and also serves as a reference to what configuration would be used if there were no customisations. - The default Apache config for Roundcube is now stored in
./custombuild/configure/roundcube/.htaccess
. Same as in earlier versions, it can be customised by creating the./custombuild/custom/roundcube/.htaccess
file. - Roundcube plugins, skins and extra dependencies can also be customised the same way as before, by creating
./custom/roundcube/{plugins,skins,vendor}
directories. To make it easier to know these directories can be customised, the CustomBuild configuration directory now has./configure/roundcube/{plugins,skins,vendor}
directories with a README file explaining how customisation works. - The
composer.json
file in the Roundcube installation directory can no longer be customised. The install script is not using Composer, so customising this file had no practical effect. - The directory
./program
can no longer be customised. This used to allow replacing critical Roundcube source files. This customisation is discontinued because it is very fragile and nearly impossible to support multiple Roundcube versions. - The file with Roundcube database credentials
/var/www/html/roundcube/config/my.cnf
is no longer created. This file is no longer needed by CustomBuild because all Roundcube database-related operations are performed by the Roundcube PHP code. - The post-install script to upgrade Roundcube is now executed as the
webapps
UNIX user instead of running it asroot
. - Roundcube install or reinstall is now fully reproducible. This means reinstalling the same Roundcube version will recreate the installation directory from scratch instead of extracting files over existing files.
Default Change: ACME certificates will renew 17 days before expiry
With recent discussion for lowering maximum certificate lifetimes (from 90, possibly to 47 days), likely going into effect in the near future, this change will allow for a more efficient use of time during the lifetime of the certificate, and will lower the load on the ACME provider's system to decrease renewal frequency. The previous default was letsencrypt_renew_before_expiry_days=30
but has been changed to letsencrypt_renew_before_expiry_days=17
. This may change in the future, depending on how the final duration ends up by various certificate providers.
custombuild improved
PHP Phalcon extension enabled for PHP 8.4The PHP phalcon extension used to be not compatible with PHP 8.4. This extension now supports PHP 8.4 and CustomBuild will start installing it with PHP 8.4.
custombuild improved
PHP mcrypt extension is optional for old PHP versionsThe PHP mcrypt extension used to be unconditionally enabled for PHP versions 5.6
, 7.0
and 7.1
. Higher PHP versions enabled this extension only if this extension was enabled in the CustomBuild configuration.
With this release all PHP versions will get the mcrypt extension only if it is enabled in the options.conf
.
Note: To avoid breaking existing installations, the php_mcrypt=yes
will be automatically set in the options.conf
if the server has PHP 5.6
, 7.0
or 7.1
installed. We recommend disabling this PHP extension if it is not actually needed.
custombuild improved
New MySQL/MariaDB configuration structure, better integration with system packagesThe way MySQL/MariaDB services are configured by the CustomBuild is updated. Instead of placing all configuration in a single /etc/my.cnf
file, a drop-in style configuration directory with multiple files will be used.
- On RHEL systems configuration will be stored in the
/etc/my.cnf.d
directory. - On Debian systems configuration will be stored in the
/etc/mysql/conf.d
directory.
The same settings that used to be in the my.cnf
file will be split out into multiple files:
- File
directadmin-infile.cnf
disables server-side file loading. - File
directadmin-max-allowed-packet.cnf
increases the max supported size for a single data blob value. - File
directadmin-native-password.cnf
enables the old password format support (used only with MySQL 8.4 for compatibility reasons). - File
directadmin-socket.cnf
sets the path to the UNIX socket for local connections.
These new configuration files are stored in the .../custombuild/config/mysql
directory and can be customised by creating copies in the .../custombuild/custom/mysql
directory.
The new configuration layout is now compatible with the configuration used by the system packages. This means CustomBuild no longer conflicts with some common system packages related to databases.
For example, on Debian systems the package mysql-common
used to cause configuration conflicts. With the new layout, it is safe to install this package. Not only is it compatible with CustomBuild, but the CustomBuild will actively install the mysql-common
package to create the /etc/mysql/conf.d
directory.
The configuration layout change will take place the next time the MySQL or MariaDB service is installed using the da build mysql
or da build mariadb
commands.
improved
Consuming Login URLsLogin URLs can now be consumed only with a POST request. GET request now responds with an auto-submitting HTML form so for browsers the end result is the exact same.
This approach allows to share Login URLs using messaging services that have URL preview functionality. Previously URL preview itself used to consume the Login URL, rendering it no longer usable.
evolution fixed
Symlink folders in File Manager's folder tree are now clickablePreviously, symlinked folders in the File Manager's folder tree did not redirect users to the target directory as expected. This release fixes the issue, and symlink folders now function correctly when clicked.
evolution fixed
Incorrect account info for reseller statisticsReseller account info page (located in System Info & Files -> Reseller Statistics -> Account Info) always displayed WordPress, Git, ClamAV, Nginx Unit as disabled.
evolution fixed
Show "Leave DNS" optionRemoving a user (located in admin level -> Account Manager -> Show All Users) did not display the "Leave DNS" option when multi server setup was enabled.
CUSTOM
tokens when generating redirects fixed
Stop removing new line characters for in global When constructing |CUSTOM|
tokens for redirect domain pointer vhost, OpenLiteSpeed listeners and IPs from data/templates/custom/{{TEMPLATE}}.CUSTOM.X.pre
, All new line characters were being removed. This behaviour is now removed.
Templates affected by this change:
redirect_virtual_host.conf
nginx_server_redirect.conf
openlitespeed_redirect_vhost.conf
openlitespeed_listener.conf
openlitespeed_ips.conf
fixed
Replacing /etc/yum.conf symlink on CloudLinux servers with simple fileOn CloudLinux 8 and CloudLinux 9 systems, the file /etc/yum.conf
is a symlink to the /etc/dnf/dnf.conf
file. As part of the mod_lsapi
install procedure, CustomBuild used to replace the /etc/yum.conf
symlink with a normal file.
This bug is fixed. Reinstalling mod_lsapi
will instead modify the /etc/dnf/dnf.conf
file, leaving the /etc/yum.conf
as a symlink.
ssl_port
configuration option from directadmin.conf
removed
‼️ Removed The DirectAdmin service no longer supports running on multiple TCP ports (one for encrypted connections and one for unencrypted connections).
The option to enable an additional listening port is removed. The motivation for discontinuing two TCP port mode is the following:
- If the system has a valid TLS certificate, then having an additional plain text port open is a security risk.
- Any integration or software that needs to access DirectAdmin service needs to be aware of dual port mode. Most of the integrations fail to handle this correctly and only connect using the primary TCP port.
- Thanks to the free certificate providers like Let's Encrypt and ZeroSSL, having a valid TLS certificate now costs nothing. It is easy to enable TLS mode using the UI.
- DirectAdmin service will never fail to start in TLS mode, even if TLS certificates are missing or misconfigured. The main service will generate self-signed certificates on the fly if needed.
The systems that used to run in dual-port mode will be automatically reconfigured to only listen on the TLS port:
- Servers that used to have
port=X
,ssl=0
,ssl_port=Y
configuration will be reconfigured to haveport=Y
,ssl=1
. - Servers with
tls_port=0
(disabled additional port) orssl=1
(TLS already enabled on primary port) will not be reconfigured.
Note: Special care should be taken if HTTP proxy servers are used for proxying requests to the main DirectAdmin service. The proxy server might need to update the configuration to start using TLS instead of plain text connections.
unified_ftp_password_file
configuration option from directadmin.conf
removed
Removed The unified FTP password will no longer be configurable and will always be enabled. The NON-unified password mode is a legacy mode that used to work only with the ProFTPD service and blocked the multi-IP feature.
evolution removed
Removed Refreshed layout arrangement for tabletsPreviously Refreshed layout displayed differently depending on whether viewport was phone, tablet or desktop sized. Having 3 different states for arranging the page made maintenance much more complex and prevented us from introducing fixes to long standing issues with Refreshed layout.
With this change, Refreshed layout is arranged the same way for phones and tablets (where as before they had different arrangements).