Version 1.677

Released: 2025-05-19

• Support for RHEL 10 systems new
• Filemanager upload hook newupdate
• ‼️ Enhanced skin uses UTF-8 encoding by default update
• File Manager breadcrumb refactored evolutionupdate
• Improved filename validation in File Manager rename dialog evolutionupdate
• Software version changes custombuildupdate
• Updated DNS providers list for wild-card ACME certs custombuildupdate
• Roundcube installer and customisations custombuildupdate
• Default Change: ACME certificates will renew 17 days before expiry
• PHP Phalcon extension enabled for PHP 8.4 custombuildupdate
• PHP mcrypt extension is optional for old PHP versions custombuildupdate
• New MySQL/MariaDB configuration structure, better integration with system packages custombuildupdate
• Consuming Login URLs update
• Symlink folders in File Manager's folder tree are now clickable evolutionfix
• Incorrect account info for reseller statistics evolutionfix
• Show "Leave DNS" option evolutionfix
• Stop removing new line characters for in global CUSTOM tokens when generating redirects fix
• Replacing /etc/yum.conf symlink on CloudLinux servers with simple file fix
• ‼️ Removed ssl_port configuration option from directadmin.conf removal
• Removed unified_ftp_password_file configuration option from directadmin.conf removal
• Removed Refreshed layout arrangement for tablets evolutionremoval

Support for RHEL 10 systems new

Starting this release, DirectAdmin can be used on RHEL 10 systems.

Temporary limitations:

• The official rspamd repositories do not yet support RHEL 10. Only spamassasin can be used at the moment.
• The PHP mcrypt extension is not supported.

Filemanager upload hook newupdate

A new hook for filemanager upload is added file_manager_upload_pre.sh. This hook is a successor of now depreated file_manager_upload_post.sh hook.

It's a similar hook with a couple key differences:

• New hook acts on a fully uploaded temporary file (not target file)
• If the hook exits with non-zero status, the upload is cancelled and temporary file is removed by DirectAdmin (target file is left untouched)

‼️ Enhanced skin uses UTF-8 encoding by default update

The Enhanced skin used to use Windows-1252 encoding by default. It was possible to customise the encoding for custom skins by changing the LANG_ENCODING in data/skins/enhanced/lang/en/lf_standard.html.

Starting this release, the Enhanced skin will always use UTF-8 as the default content encoding. The LANG_ENCODING token is removed from page templates.

This means that languages using non-ASCII characters no longer need to customise the LANG_ENCODING token.

The new encoding is not only used for displaying data but also for sending data. This means any data entered in the input fields will be sent to the server encoded using UTF-8 encoding.

This change can cause compatibility problems on servers that stored some data on the server using the old Windows-1252 encoding and used not only ASCII symbols but also symbols provided by the old encoding.

Examples of content that could be stored on the server still encoded with the Windows-1252 encoding and using non-ASCII symbols:

• User and reseller package names.
• File names created in File Managed.
• User comments.
• Messages sent by users.

To help with the transition to UTF-8 encoding, all User and Reseller package names will be automatically converted from Windows-1252 to UTF-8 when DirectAdmin is updated.

File Manager breadcrumb refactored evolutionupdate

The File Manager's breadcrumb navigation has been refactored for improved usability. Previously, the breadcrumb always displayed a maximum of two elements, regardless of browser width. With this update, the breadcrumb dynamically adjusts to show between 2 and 5 elements based on the available browser width, with additional path segments collapsed under an ellipsis. Overly complex features were removed to simplify usage.

Improved filename validation in File Manager rename dialog evolutionupdate

The File Manager's rename dialog now enforces stricter validation for filename's input. It no longer allows slashes or reserved filesystem names such as . and .. in the input field.

Software version changes custombuildupdate

• apr updated from 1.7.5 to 1.7.6
• composer updated from 2.8.8 to 2.8.9
• lego updated from 4.22.2-SNAPSHOT-7dfd0734 to 4.23.1-SNAPSHOT-02572881
• MariaDB 10.5 updated from 10.5.28 to 10.5.29
• MariaDB 10.6 updated from 10.6.21 to 10.6.22
• modsecurity_owasp_rules updated from 4.13.0 to 4.14.0
• nginx updated from 1.27.5 to 1.28.0
• phalcon5 updated from 5.9.2 to 5.9.3
• PHP 8.3 updated from 8.3.20 to 8.3.21
• PHP 8.4 updated from 8.4.6 to 8.4.7
• redis updated from 7.2.4 to 8.0.1
• wp-cli updated from 2.11.0 to 2.12.0

Updated DNS providers list for wild-card ACME certs custombuildupdate

The list of supported DNS providers and the options for each provider is updated.

Roundcube installer and customisations custombuildupdate

The Roundcube installation script is updated. The changes make sure Roundcube installation is more reliable, upgrades are less likely to disrupt active Roundcube users, and customisation of Roundcube is simpler.

Key changes:

• Running Roundcube installation again or upgrading Roundcube will no longer change DB credentials. Old versions used to generate new Roundcube DB credentials every time Roundcube was reinstalled.
• Roundcube update (or reinstall) will try and keep the same cookie encryption key. A new key is generated when Roundcube is installed for the first time, and the same key is reused when Roundcube is upgraded. This change ensures any existing user sessions will not get disrupted after the Roundcube upgrade.
• The default Roundcube configuration file can be customised in the same way as in previous versions, by creating the custom configuration file in ./custombuild/custom/roundcube/config.inc.php. However, the default configuration used by CustomBuild is now exposed in the file ./custombuild/configure/roundcube/config.inc.php. It makes it easier to know this file is customisable and also serves as a reference to what configuration would be used if there were no customisations.
• The default Apache config for Roundcube is now stored in ./custombuild/configure/roundcube/.htaccess. Same as in earlier versions, it can be customised by creating the ./custombuild/custom/roundcube/.htaccess file.
• Roundcube plugins, skins and extra dependencies can also be customised the same way as before, by creating ./custom/roundcube/{plugins,skins,vendor,program} directories. To make it easier to know these directories can be customised, the CustomBuild configuration directory now has ./configure/roundcube/{plugins,skins,vendor,program} directories with a README file explaining how customisation works.
• The composer.json file in the Roundcube installation directory can no longer be customised. The install script is not using Composer, so customising this file had no practical effect.
• The file with Roundcube database credentials /var/www/html/roundcube/config/my.cnf is no longer created. This file is no longer needed by CustomBuild because all Roundcube database-related operations are performed by the Roundcube PHP code.
• The post-install script to upgrade Roundcube is now executed as the webapps UNIX user instead of running it as root.
• Roundcube install or reinstall is now fully reproducible. This means reinstalling the same Roundcube version will recreate the installation directory from scratch instead of extracting files over existing files.

Default Change: ACME certificates will renew 17 days before expiry

With recent discussion for lowering maximum certificate lifetimes (from 90, possibly to 47 days), likely going into effect in the near future, this change will allow for a more efficient use of time during the lifetime of the certificate, and will lower the load on the ACME provider's system to decrease renewal frequency. The previous default was letsencrypt_renew_before_expiry_days=30 but has been changed to letsencrypt_renew_before_expiry_days=17. This may change in the future, depending on how the final duration ends up by various certificate providers.

PHP Phalcon extension enabled for PHP 8.4 custombuildupdate

The PHP phalcon extension used to be not compatible with PHP 8.4. This extension now supports PHP 8.4 and CustomBuild will start installing it with PHP 8.4.

PHP mcrypt extension is optional for old PHP versions custombuildupdate

The PHP mcrypt extension used to be unconditionally enabled for PHP versions 5.6, 7.0 and 7.1. Higher PHP versions enabled this extension only if this extension was enabled in the CustomBuild configuration.

With this release all PHP versions will get the mcrypt extension only if it is enabled in the options.conf.

Note: To avoid breaking existing installations, the php_mcrypt=yes will be automatically set in the options.conf if the server has PHP 5.6, 7.0 or 7.1 installed. We recommend disabling this PHP extension if it is not actually needed.

New MySQL/MariaDB configuration structure, better integration with system packages custombuildupdate

The way MySQL/MariaDB services are configured by the CustomBuild is updated. Instead of placing all configuration in a single /etc/my.cnf file, a drop-in style configuration directory with multiple files will be used.

• On RHEL systems configuration will be stored in the /etc/my.cnf.d directory.
• On Debian systems configuration will be stored in the /etc/mysql/conf.d directory.

The same settings that used to be in the my.cnf file will be split out into multiple files:

• File directadmin-infile.cnf disables server-side file loading.
• File directadmin-max-allowed-packet.cnf increases the max supported size for a single data blob value.
• File directadmin-native-password.cnf enables the old password format support (used only with MySQL 8.4 for compatibility reasons).
• File directadmin-socket.cnf sets the path to the UNIX socket for local connections.

These new configuration files are stored in the .../custombuild/config/mysql directory and can be customised by creating copies in the .../custombuild/custom/mysql directory.

The new configuration layout is now compatible with the configuration used by the system packages. This means CustomBuild no longer conflicts with some common system packages related to databases.

For example, on Debian systems the package mysql-common used to cause configuration conflicts. With the new layout, it is safe to install this package. Not only is it compatible with CustomBuild, but the CustomBuild will actively install the mysql-common package to create the /etc/mysql/conf.d directory.

The configuration layout change will take place the next time the MySQL or MariaDB service is installed using the da build mysql or da build mariadb commands.

Consuming Login URLs update

Login URLs can now be consumed only with a POST request. GET request now responds with an auto-submitting HTML form so for browsers the end result is the exact same.

This approach allows to share Login URLs using messaging services that have URL preview functionality. Previously URL preview itself used to consume the Login URL, rendering it no longer usable.

Symlink folders in File Manager's folder tree are now clickable evolutionfix

Previously, symlinked folders in the File Manager's folder tree did not redirect users to the target directory as expected. This release fixes the issue, and symlink folders now function correctly when clicked.

Incorrect account info for reseller statistics evolutionfix

Reseller account info page (located in System Info & Files -> Reseller Statistics -> Account Info) always displayed WordPress, Git, ClamAV, Nginx Unit as disabled.

Show "Leave DNS" option evolutionfix

Removing a user (located in admin level -> Account Manager -> Show All Users) did not display the "Leave DNS" option when multi server setup was enabled.

Stop removing new line characters for in global CUSTOM tokens when generating redirects fix

When constructing |CUSTOM| tokens for redirect domain pointer vhost, OpenLiteSpeed listeners and IPs from data/templates/custom/.CUSTOM.X.pre, All new line characters were being removed. This behaviour is now removed.

Templates affected by this change:

• redirect_virtual_host.conf
• nginx_server_redirect.conf
• openlitespeed_redirect_vhost.conf
• openlitespeed_listener.conf
• openlitespeed_ips.conf

Replacing /etc/yum.conf symlink on CloudLinux servers with simple file fix

On CloudLinux 8 and CloudLinux 9 systems, the file /etc/yum.conf is a symlink to the /etc/dnf/dnf.conf file. As part of the mod_lsapi install procedure, CustomBuild used to replace the /etc/yum.conf symlink with a normal file.

This bug is fixed. Reinstalling mod_lsapi will instead modify the /etc/dnf/dnf.conf file, leaving the /etc/yum.conf as a symlink.

‼️ Removed ssl_port configuration option from directadmin.conf removal

The DirectAdmin service no longer supports running on multiple TCP ports (one for encrypted connections and one for unencrypted connections).

The option to enable an additional listening port is removed. The motivation for discontinuing two TCP port mode is the following:

• If the system has a valid TLS certificate, then having an additional plain text port open is a security risk.
• Any integration or software that needs to access DirectAdmin service needs to be aware of dual port mode. Most of the integrations fail to handle this correctly and only connect using the primary TCP port.
• Thanks to the free certificate providers like Let's Encrypt and ZeroSSL, having a valid TLS certificate now costs nothing. It is easy to enable TLS mode using the UI.
• DirectAdmin service will never fail to start in TLS mode, even if TLS certificates are missing or misconfigured. The main service will generate self-signed certificates on the fly if needed.

The systems that used to run in dual-port mode will be automatically reconfigured to only listen on the TLS port:

• Servers that used to have port=X, ssl=0, ssl_port=Y configuration will be reconfigured to have port=Y, ssl=1.
• Servers with ssl_port=0 (disabled additional port) or ssl=1 (TLS already enabled on primary port) will not be reconfigured.

Note: Special care should be taken if HTTP proxy servers are used for proxying requests to the main DirectAdmin service. The proxy server might need to update the configuration to start using TLS instead of plain text connections.

Removed unified_ftp_password_file configuration option from directadmin.conf removal

The unified FTP password will no longer be configurable and will always be enabled. The NON-unified password mode is a legacy mode that used to work only with the ProFTPD service and blocked the multi-IP feature.

Removed Refreshed layout arrangement for tablets evolutionremoval

Previously Refreshed layout displayed differently depending on whether viewport was phone, tablet or desktop sized. Having 3 different states for arranging the page made maintenance much more complex and prevented us from introducing fixes to long standing issues with Refreshed layout.

With this change, Refreshed layout is arranged the same way for phones and tablets (where as before they had different arrangements).