Version 1.685
Released: 2025-09-17
custombuild new
Option to select Node.js package provider
CustomBuild configuration has a new option nodejs_provider. This option configures how to obtain the package for Node.js. It supports the following values:
- The default value is distro. When this option is selected, Node.js will be installed from the system (Linux distribution) package repositories. The version of Node.js will depend on the Linux distribution used on the server.
- Values nodesource-20, nodesource-22, nodesource-24 allow using packages provided by NodeSource. This makes it easy to use a newer Node.js version on older systems.
- Value custom can be used if Node.js is already installed by the server administrator by some other means. CustomBuild will skip Node.js installation and will assume it is already installed on the server.
custombuild new
Support for PHP 8.5
CustomBuild is updated to support building PHP 8.5 on all supported systems.
custombuild update
Updated installation scripts for Apache mod_hostinglimits and mod_proctitle modules
The way CustomBuild compiles and installs the Apache mod_hostinglimits and mod_proctitle modules is improved. Key changes:
- The source packages will be cached in the .../custombuild/cache directory. This means rebuilding a module will use the cached source package.
- Configuration files for the modules are added to the .../custombuild/configure directory. This makes it easier to customise the configuration files if needed.
Note that the Apache web server modules mod_hostinglimits and mod_proctitle are only used on CloudLinux servers.
custombuild update
Updated SquirrelMail installation scripts
The SquirrelMail installer is updated. Key changes:
- Start caching source packages.
- Always perform a clean installation in a new directory. This ensures no leftover files from previous installations persist.
custombuild update
Software version changes
- PHP 8.5 added with 8.5.0beta3 version
- squirrelmail_svn renamed to squirrelmail
- squirrelmail_locale renamed to squirrelmail-locales
- squirrel_logger renamed to squirrelmail-logger
- csf updated from 15.00 to 15.01
- imapsync updated from 2.229 to 2.290
- litespeed updated from 6.3.4-4 to 6.3.4-5
- unit updated from 1.34.2 to 1.35.0
Note: The CSF version 15.01 is a fork of the original CSF. It contains an update to the LFD service regex patterns to correctly detect failed logins for Dovecot 2.4.
update
Support for php_home_tmp_session_save_path option for all PHP modes
If the php_home_tmp_session_save_path configuration option is enabled (it is enabled by default), then session.save_path will be configured to be /home/{user}/tmp for all PHP modes.
Previously php_home_tmp_session_save_path only worked in php-fpm mode.
evolution update
Differentiation between added and built-in entries in menu customizations
The delete icon within menu customization (located in Customize Evolution Skin -> Menu) was used for both built-in and newly created entries/categories. Different icons are now used for built-in and newly created entries/categories to better indicate what the action does.
evolution fix
Allow creation of multiple menu entries with the same name
It is now possible to create any number of new menu entries/categories with the same name. Previously, the oldest menu entry became invisible when a new one with the same name was created.
fix
Majordomo wrapper compilation on modern systems
The Majordomo (mailing list manager) wrapper binary is patched to be compatible with the modern GCC compiler. This fixes compilation problems on modern Linux systems.
evolution removal
Remove global default limit notice option
It is no longer possible to select global default as an option for controlling whether notice messages are sent after approaching quota limits.
removal
Stop accepting state-changing GET requests for CMD_API_POP command
The command CMD_API_POP is moved to the new security framework, which prevents performing state-changing requests with the HTTP GET method. In earlier releases there was a loophole that allowed performing actions with a GET request if the request used HTTP basic authentication.
This loophole is removed. In this release the following actions must always use the HTTP POST method:
/CMD_API_POP?action=all_email_sync
/CMD_API_POP?action=create
/CMD_API_POP?action=modify
/CMD_API_POP?action=delete
/CMD_API_POP?action=set_dkim
In this release only the CMD_API_POP command is affected. We are planning to harden the security of other endpoints in the future.
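Before upgrading, an administrator can check which integrations still send the listed actions with GET. The following is an added example, not DirectAdmin code: it assumes an access log in a common-log-style layout (client first, request line in double quotes), and the sample lines, including the list action and the /CMD_API_OTHER path, are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Actions the release notes list as POST-only for CMD_API_POP.
POST_ONLY_ACTIONS = {"all_email_sync", "create", "modify", "delete", "set_dkim"}

# Assumed log layout: '<client> ... "<METHOD> <target> HTTP/x.y" ...'
REQUEST_RE = re.compile(
    r'^(?P<client>\S+).*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

def find_legacy_get_calls(lines):
    """Return (client, action) for each GET that now has to be sent as POST."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        url = urlsplit(m["target"])
        if url.path != "/CMD_API_POP":
            continue
        # parse_qs decodes percent-encoding, so action=%64elete is matched too.
        for action in parse_qs(url.query).get("action", []):
            if action in POST_ONLY_ACTIONS:
                findings.append((m["client"], action))
    return findings

# Constructed sample lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - admin [17/Sep/2025:10:00:01 +0000] "GET /CMD_API_POP?action=create&domain=example.com HTTP/1.1" 200 12',
    '192.0.2.10 - admin [17/Sep/2025:10:00:02 +0000] "POST /CMD_API_POP?action=delete HTTP/1.1" 200 12',
    '192.0.2.11 - admin [17/Sep/2025:10:00:03 +0000] "GET /CMD_API_POP?action=list&domain=example.com HTTP/1.1" 200 40',
    '192.0.2.12 - admin [17/Sep/2025:10:00:04 +0000] "GET /CMD_API_POP?domain=example.com&action=set_dkim HTTP/1.1" 200 12',
    '192.0.2.13 - admin [17/Sep/2025:10:00:05 +0000] "GET /CMD_API_OTHER?action=delete HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for client, action in find_legacy_get_calls(SAMPLE_LOG):
        print(f"{client}: GET action={action} must be sent as POST")
```

Each reported client is an integration whose request method has to change to POST; GET requests with other actions are not reported because the release notes do not list them.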