KeyHelp Changelog Viewer

25.0 31 January 2025

New Features / Added Content

Enhanced client area

Added disk usage information below resources
Added 'Whois IP Lookup' below tools

Added the 'Whois IP Lookup' to the IP column in domain logs

Added a database status analyzer to the admin area [Pro feature]
Added installable PHP interpreter for ARM64 systems
Debian 12, Ubuntu 24 | Added individual spam settings per email account for systems running Rspamd

Added options to configure spam tag score and spam reject score thresholds
Added an option to enable/disable subject line rewriting
Added an option to enable/disable virus checking
Added an option to bypass spam/virus checks entirely

Added an option to restrict the number of email forwardings for client accounts

Added current/max email forwarding information to all overviews (admin dashboard, client dashboard, email overview, etc.)
Added an option to configure the maximum number of forwardings via the account templates feature

Improvements / Changes

Enhanced Let's Encrypt certificate retrieval process
Internal code improvements in translation management: Centralized handling of active, managed, and deprecated translations
Added support for editing .eml (message/rfc822) files to the file manager
Enhanced screen reader support

Added aria-label attributes to icons
Improved navigation for file manager action menus

Added a maintenance task to clean up possible backup folder remnants
Removed ix.dnsbl.manitu.net from the example DNS blacklist email settings due to service discontinuation
Added various CSRF security improvements
Domains created by client accounts without having the 'can have email accounts' permissions now have the 'Domain can be used for emails' flag disabled by default
Enhanced white-label features

Improved user interface for image uploads with separate dark and light mode previews
Added option to upload a custom email notification logo via the white-label feature
Removed the word 'KeyHelp' from the alt attribute of the logo in the email notification template to make it more white-labeled out of the box

Improved virus scanner reports to distinguish between confirmed infections and unofficial detections
Updated SourceGuardian Loader to version 15.0.0 / 15.0.2
Updated IonCube Loader to version 14.0.0
Added OpenDKIM records to mail logs for systems without Rspamd
Updated byte value formatting to use non-breaking spaces, preventing line breaks
Added additional details about what will and won’t be deleted during domain removal to the delete domain page
Enhanced database management

Added a direct login link to the database administration software in 'System Status'
Simplified wording for database management tools (e.g., generic labels instead of tool-specific names like 'Adminer' within the navigation / tooltips)
Added two dark themes to phpMyAdmin, switchable via the phpMyAdmin dashboard

Enhanced CLI tools

Added option to change the hostname via the keyhelp-toolbox command
Improved character alignment in KeyHelp CLI tools for languages with non-ASCII characters

Improved date format for cronjob logs, changed from DD-MMM-YYYY to YYYY-MM-DD
Added additional DNS hardening measurements to reduce potential misuse in DDoS attacks
Added opcache_get_status() to the default list of disabled PHP functions (updated 'Unlimited' account template as well)
Ensured consistent capitalization for 'Restricted SSH Environment'
Improved handling of AJAX errors
Updated KeyHelp pre-installer script to handle accidental re-runs
Updated styles for SSL certificate buttons for consistency
Added threshold configuration for the email queue warning notifications
Added direct login functionality by clicking a username on the traffic statistics page
Improved KeyHelp Dev server setup routine
Updated default firewall rules for server hosted by Keyweb
Enhanced Rspamd features

Removed the outdated PolicySPF service and now use Rspamd's own functionality
Added an option to enable or disable email rejection for failed SPF checks
Email headers are now always enhanced with additional header fields (x-spamd-result, x-spamd-bar, x-spam-level, etc.)
Improved configuration to ensure emails with attached viruses can no longer bypass the spam filter

Implemented a clearer separation between Rspamd and the old Amavis/SpamAssassin/... stack configuration settings
Updated the welcome message on the admin dashboard
Updated the message indicating the operating system has reached end-of-life on the admin dashboard
Updated the order of settings when editing an email account settings to better align with the email overview
Improved the instructions how to reset a license in the error message shown when a KeyHelp Pro license could not be applied
Improved notification messages and the condition when messages are displayed on the email queue page
Removed the 'Delete selection' button from all overview pages and replaced it with a 'Bulk actions' option
Updated the button line template component and unified various visuals / margins on overview pages
Enhanced scheduled tasks features

For the task type 'Call URL', return codes >= 200 and < 300 are now treated as a successful execution
Added a bulk action to enable or disable scheduled tasks on the scheduled tasks overview page

Added a search feature to the database overview page
Debian 11, Ubuntu 20/22| Improved spam-fighting capabilities on systems using Amavis/SpamAssassin
Added an option to configure the preferred main email server domain name

Added an option to prefer the associated domain name of an email address
Added an option to use any suitable domain name
Added an option to either show only the preferred main email server name or all available names
The corresponding changes will be reflected in the email client autoconfiguration and connection data window within the KeyHelp UI

Updated the content of the DKIM DNS record window to simplify the process of selecting the correct value for the use case
The settings exporter/importer feature now also exports/imports webhook URL settings
Enhanced the readability of the 'is enabled' status on various overview pages

Removed the 'is enabled' status from the 'S' (status) column and added a new column with clearer indicators for the enabled/disabled status
Updated the overview pages for scheduled tasks, maintenance intervals, and scheduled backups accordingly

Updated the default status column and added a more visually appealing default icon
General wording updates

Unified terminology on the process manager and database status pages
Improved wording of various event messages
Standardized column headings terminology throughout the panel
Fixed various punctuation and formatting issues

Updated the footer when using a community translation
Added a link to the footer on abandoned translations to potentially recruit new translators
Enhanced description for the timezone settings
Updating the timezone in KeyHelp now also ensures database settings are reloaded (ensuring MySQL 'now()' reports the correct time)
Fail2Ban updates (Only for new installations and dist-upgrades)

Introduced two operating modes for the 'kh-bad-bots' filter

Normal (default): Focused on common bad bots
Aggressive: Includes additional crawlers, such as 'facebookexternalhit'

Configurable in /etc/fail2ban/jail/keyhelp.conf with 'filter = keyhelp-bad-bots[mode=normal]' or 'filter = keyhelp-bad-bots[mode=aggressive]'

API Changes

Updates to endpoint /clients

The endpoints '/clients/{id}' and '/clients/name/{name}' now also return the field 'resource_limits' and 'permissions'
The number of currently used email forwardings and the maximum allowed email forwardings are now returned in the respective endpoints

Updates to endpoint /emails

Only Rspamd systems | Added fields for customizable spam control (below 'protection' field): spam_tag_score, spam_reject_score, spam_rewrite_subject
The fields (below 'protection' field') now can also be used on Rspamd systems: check_spam, check_virus
Fixed an issue where account limits for alias addresses were not enforced when 'Ignore resource limits of user accounts' was disabled in API settings

Updates to endpoint /hosting-plans

Added the field 'email_forwardings' to configure the number of available email forwardings
Clarified error messages during plausibility checks for email accounts and email aliases when using POST / PUT

Updates to endpoint /server

The number of currently used email forwardings is now returned (below 'resources')

Updates to XML responses

Fixed an issue where returning an array could fail (e.g., with GET endpoints returning multiple resources)
Fixed a PHP warning during resource deletion: Warning: foreach() argument must be of type array|object, string given in /home/keyhelp/www/keyhelp/core/Api/ApiResponse.php on line 223

API documentation

Updated the documentation according to the changes within KeyHelp 25.0
Updated openapi.json / openapi.yml files which can be used by external definition parsers
Fixed incorrect route to the endpoint /login/name/{name} (Not correct: /login/{name})

Fixed the type of the 'id' field in JSON responses for PUT operations (affected endpoints: /admins, /clients, /hosting-plans)
Improved API routing and routes management code
Increased API version to 2.10

Tool Updates

Roundcube 1.6.9
SnappyMail 2.38.2
PhpMyAdmin 5.2.2
Restic 0.17.3
Rclone 1.69.0

Vendor Library Updates

Chart.js 4.4.7
CodeMirror 5.65.18
Font Awesome 6.7.2
Perfect Scrollbar 1.5.6
TinyMCE 7.5.1
html2text/html2text 4.3.2
monolog/monolog 2.10.0
phpmailer/phpmailer 6.9.3
phpseclib/phpseclib 2.0.48
symfony/deprecation-contracts 2.5.4
symfony/polyfill-mbstring 1.31.0
symfony/polyfill-php80 1.31.0
symfony/polyfill-php81 1.31.0
symfony/polyfill-ctype 1.31.0
symfony/yaml 5.4.45
twig/twig 3.11.3

Translations

Updated Brazilian Portuguese (100%) | Thanks to Rogério Borba
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated Chinese (traditional) (100%) | Thanks to Wu Ru Kang
Updated Dutch (100%) | Thanks to Bas Heijermans
Updated English (100%)
Updated French (100%) | Thanks to Chris Mehl
Updated German (100%)
Updated Hungarian (100%) | Thanks to Madarász László
Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Norwegian (100%) | Thanks to Eirik Sikveland
Updated Russian (82%) | Thanks to Vladimir Alferov
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Swedish (100%) | Thanks to Marwin Gripenfrost
Updated Turkish (100%) | Thanks to Serkan Türkkan
Polish translation is now marked as abandoned and looking for a new translator
Arabic translation is now marked as abandoned and looking for a new translator
Fixed issues within base .pot / .mot files

Fixes / Imperfections

Fixed mislabeled tuning.cnf for systems with > 2GB RAM (applies to new installations only)
Fixed issue where backups snapshots within a repository with differing description texts were not deleted during pruning

With the next prune run on the repository, all additional snapshots will now be cleaned up

Fixed duplicate execution of freshclam during virus scans, which likely also caused notification emails with the message 'UPDATE VIRUS DATABASE: Status failed'
Only Rspamd Systems | Fixed case-sensitivity issues in Rspamd email address filters for blacklists and whitelists
Fixed error thrown when adding a subdomain with the parent domain dropdown left at '--- Please select ---'
Fixed error thrown when adding a custom notification with event dropdown left at '--- Please select ---'
Fixed an issue where TMPDIR was not set in crontab, now ensures that user cron jobs write temporary data to user directories instead of the global /tmp

During the update, all cron jobs are rewritten to apply this fix

Fixed composer installation routine to handle cases where HOME or COMPOSER_HOME environment variables were unset during installation
Fixed missing navigation highlighting and incorrect breadcrumbs on the 'Port Monitoring / Socket Statistics' page
Fixed traffic calculations on the first run for servers with time zones set to > UTC+01:00 offset (failed due to invalid timestamps)
Fixed disk information retrieval where excessively large values caused type errors
Fixed incorrect logo display in popup windows ('Server Service Management' -> Details column, IP Whois result window, ...) when using a custom white-label image for the internal area
Fixed placeholder replacements in (email) notifications where zero was replaced with an empty string
Fixed contact column on the 'User Administration' page where zero was replaced with an empty string
Ubuntu 24 | Fixed column misalignment in the active sessions table for due to bugs in the system 'w' command

Ubuntu 24 | Known issues: Due to still existing bugs in the system command ‘w’ the columns ‘Idle time’ and ‘Current process’ are not correct

Fixed user sessions were not terminated via AJAX calls, leaving sessions active until a regular page reload
Fixed browser cache issues that caused old logos/favicon (set via the white-label feature) to persist even after updating the logos/favicon
Fixed various PHP errors

Fixed a PHP deprecation notice when creating a Backup: Deprecated: Creation of dynamic property BackupConfig::$errors is deprecated in /home/keyhelp/www/keyhelp/core-old/Backup/BackupConfig.php on line 373
Fixed a PHP deprecation notice when using the [POST] /directory-protection API endpoint: Deprecated: strpos(): Passing null to parameter #1 ($haystack) of type string is deprecated in /home/keyhelp/www/keyhelp/core-old/Model/DirectoryProtection.php on line 132
Ubuntu 24 | Fixed a PHP deprecation notice on 'Active sessions' page: Deprecated: strtoupper(): Passing null to parameter #1 ($string) of type string is deprecated in /home/keyhelp/www/keyhelp/pages/admin_active_sessions.php on line 302
Ubuntu 24 | Fixed a PHP deprecation notice on 'Active sessions' page: Deprecated: Implicit conversion from float to int loses precision in /home/keyhelp/www/keyhelp/functions/functions.main.php on line 1245
Ubuntu 24 | Fixed a PHP warning on 'Active sessions' page: Warning: unserialize(): Extra data starting at offset 4 of 116 bytes in /home/keyhelp/www/keyhelp/core/UI/Session/Session.php on line 379

Fixed an issue where clicking on an IP in the 'Event Logs' page within the client area failed to show the Whois IP results
Fixed issue where the appropriate option was not selected in the dropdown on the 'Configuration -> Time Zone' page when the server time zone was set to Etc/UTC
Fixed an issue where the 'forget password' -> 'reset password' function did not notify the user if the password could not be checked against haveibeenpwned.com when it was unreachable

Miscellaneous

Minor updates to crontab templates (comment adjustments)
Structural changes in core folders and namespaces for better organization, better grouping of related classes, etc.
Renamed main KeyHelp Fail2Ban configuration file 'keyhelp.local' -> 'keyhelp.conf'
Added Keyweb advertising to the footer in internal areas (not for KeyHelp Pro, optional in the free version)
Fixed spelling errors in code, variable names, functions, etc.
Removed duplicate code in the installation routine for 'timesyncd'
Removed outdated hosting plans for installation on Keyweb shared servers
Improved internal handling of HTTP operations
Implemented minor improvements to the WebAuthn authentication system
Refactored common event message functions: Eliminated duplicate code and improved universality
Terminology Standardization: Replaced 'user' with 'client' in various places for consistency
Updated and improved debug helper functionality
Implemented more robust system architecture checks during installation (e.g., regarding ARM64 support)
Introduced new Twig filters for improved template design flexibility
Unified handling of request parameters: Made processing more robust, reducing control structure overhead
Streamlined template design / removed duplicate code by moving more html code into Twig macros
Replaced all instances of the 'service' command with the 'systemctl' command
Unified various template variable names
Refactoring (performance improvement, implementation of new features, use of modern language features, streamlining, etc.)

Refactored IpAddress class
Refactored SshKey class
Refactored Breadcrumbs class
Refactored EventLogs class
Refactored LoggerFactory class
Refactored CronLogger class
Refactored CronTab class
Refactored SystemWhoSession class
Refactored SystemWho class
Refactored Paginator class
Refactored PaginatorResult class
Refactored CustomMonologDatabaseHandler class
Refactored IntlDatePatternGeneratorPolyfill class
Refactored VersionNumber class
Refactored ToolsManager class
Refactored DnsLookup class
Refactored CliStyle class
Refactored OperatingSystem class
Refactored DovecotWho class
Refactored DovecotWhoSession class
Refactored Session class
Refactored SessionHandlerDatabase class
Refactored Navigation class
Refactored TableSorting class
Refactored MailserverSni class
Refactored ServiceManager class
Refactored Curl class
Refactored ApiRouter class
Refactored ApiRequest class
Refactored ApiResponse class
Refactored Ajax class
Refactored DiskUsage class
Refactored Quota class
Refactored VirusScanner class
Refactored FtpWhoSession class
Refactored ExportTables class
Refactored SettingsExporter class
Refactored SettingsImporter class
Refactored I18n class
Refactored Mailer class
Refactored PwnedChecker class
Refactored the search functionality on overview pages

24.2 06 August 2024

New Features / Added Content

Added support for Ubuntu 24.04
Added the ability to take notes on the client dashboard
Added a list of all installed software packages to 'System Status'
Added custom user interface notifications [Pro feature]
New installation | Installed the PHP package manager Composer

Added Composer to clients' 'Restricted SSH environment'
Ensured Composer is kept up-to-date through KeyHelp's 'Update server services' maintenance interval

Improvements / Changes

Added a link from the admin dashboard application version box to the new 'Installed Software Packages' page
Added description field to backup jobs and scheduled backup jobs
Added link to KeyHelp's migration platform under 'Help / Links' on KeyHelp Pro systems
Updated the ionCube Loader to version 13.3.0
Updated backup system to overcome the error 'file changed as we read it' when backing up email accounts
Updated the order of month names in the dropdown field on the 'Traffic Statistic' page
Updated PHP version EOL dates
Updated menu item labels to be more uniform on English 'Statistics' page
Updated blacklist/whitelist email address feature to also accept *<DOMAIN> and <NAME>*
Updated IP anonymization feature to also anonymize Apache access log records with 'remote' instead of 'client' next to the IP
Updated chart legend content on client dashboard
Updated the visuals of 'Account information' and 'Contact data' boxes on client dashboard to look more uniform
Ensured that long mount point paths no longer clutter the admin dashboard
Fail2Ban (Only on new installations and dist-upgrades)

Added Fail2Ban filter for bad bots and aggressive AI crawler (kh-bad-bots) (disabled by default)
Updated KeyHelp's Fail2Ban jail configuration file
Ensured that performant backend settings are set for jails that read Apache log files

Scheduled tasks

Updated and refactored the 'Call URL' script - the command will now not produce any output besides error messages (and if the returned HTTP code is not 200)
Updated the order of the notification options
Updated description texts to better explain when to use which notification option
Pre-selected the 'Always' option
Pre-filled the notification email address with the address of the currently logged-in user

Removed outdated RainLoop Webmailer

Switched to SnappyMail if RainLoop was previously used
RainLoop database and file backups have been saved to /home/keyhelp/keyhelp.backup/panel_updates/rainloop_*.tar.gz if RainLoop was previously used

File manager

Added feature to create symlinks
Added feature for symlinks to open the corresponding directory when clicking on it

Security

New installation | Increased password length of default admin account
New installation | Increased password length of KeyHelp's database logins
New installation / Updates | Increased password length for Roundcube, phpMyAdmin and SnappyMail

API Changes

Updated API documentation
Updated openapi.json / openapi.yml files
Increased length of auto-generated passwords to 18 characters

Tool Updates

Roundcube 1.6.8
SnappyMail 2.36.4
Restic 0.16.5
Rclone 1.67.0

Vendor Library Updates

CodeMirror 5.65.17
TinyMCE 7.2.1
Font Awesome 6.6.0
symfony/polyfill-ctype 1.30.0
symfony/polyfill-mbstring 1.30.0
symfony/polyfill-php80 1.30.0
symfony/yaml 5.4.40

Translations

Updated Brazilian Portuguese (100%) | Thanks to Rogério Borba
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated Chinese (traditional) (100%) | Thanks to Wu Ru Kang
Updated Dutch (100%) | Thanks to Bas Heijermans & RikkerdNL
Updated English (100%)
Updated French (100%) | Thanks to Chris Mehl
Updated German (100%)
Updated Hungarian (100%) | Thanks to Madarász László
Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Turkish (100%) | Thanks to Serkan Türkkan

Fixes / Imperfections

Fixed 'command not found' issue when calling keyhelp-toolbox on updated instances
Fixed PostSRS being displayed as disabled in the user interface for new installations even though it was enabled on the system
Fixed the timezone not updating correctly on Debian 12 systems
Fixed CPU and memory usage of Amavis and OpenDKIM not being tracked within the monitoring feature on systems without Rspamd
Fixed a custom quota file system path not being respected everywhere in KeyHelp
Fixed deleting a symbolic link within the file manager not working properly
Fixed a domain target path containing '<DOCROOT>/www' being replaced with an empty string on the domain overview page
Fixed the theme mode (default/dark mode) not being respected when switching to a client account while logged in with the support user account
Fixed the 'More news' link on the admin dashboard being broken when the account language was set to German
Fixed PostSRS in some cases adding a DKIM key to the email header twice
Fixed a security notification being sent after an admin login and the disk space status not being displayed on the admin dashboard on some systems (same cause)

Miscellaneous

Improved assignment of translations to corresponding translation files
Renamed 'Help' to 'Help / Links' in the main navigation
Removed Debian 10 from the list of supported systems

Prevented installation on Debian 10 systems
Removed deprecated Debian 10-specific code
Removed workarounds and code responsible for compatibility with Debian 10's default system service versions
Removed workarounds and code responsible for compatibility with PHP 7.3
Utilized various features of newer PHP versions that could not be used until now

Disabled backup select page if the old backup system is not used
Refactoring (performance improvement, implementation of new features, use of modern language features, streamlining, etc.)

Refactored SshChrootEnvironment class
Refactored ProcessList class
Refactored ProcessManager class
Refactored ProcessListItem class
Refactored FileItem class
Refactored IpAnonymizer class
Refactored PasswordGenerator class
Refactored WebAuthnAuthenticator class
Refactored page building order/logic within the main script

24.1 07 June 2024

New Features / Added Content

Added 'Sender Rewriting Scheme' (SRS) to rewrite email envelopes from forwarded emails

Added PostSRSd to Postfix configuration
Added PostSRSd to 'Monitoring' [Pro feature]
Added PostSRSd log records to mail log
Added PostSRSd to 'Server Service Management' log records to mail log
Added an intelligent system to only rewrite necessary email envelopes
Added an option to enable/disable SRS via email server settings

Added new 'keyhelp-php-domain' CLI tool which can be used like 'php' or 'keyhelp-php<VERSION>' but it automatically picks the correct PHP interpreter, depending on the directory the PHP script is located [Pro feature]
Added AdminerEvo as a more up-to-date alternative to database administration tool Adminer

Improvements / Changes

Added an option to show email sending/receiving status to domains overview page (Customize view)
Added DMARC record to the KeyHelp panel domain DNS configuration
Added DKIM keys and corresponding DKIM record to the KeyHelp panel domain DNS configuration
Admin dashboard

Added display of consumed disk space categorized by mail, web and database
Added display of mounted file systems and their utilization
Added display of traffic by month categorized by HTTP, FTP, POP3/IMAP, SMTP
Added the DKIM record values of the KeyHelp panel domain to 'Server information' box

Added an option in the 'keyhelp-toolbox' to update the IPs of the KeyHelp configuration files (similar to 'Configuration' -> 'IP Addresses')
Added HTTPS DNS record type option to DNS editor
Added option to allow prefixed FTP username
Streamlined FTP and database settings regarding name scheme selection
Added new client permission 'Delete main domains'
Removed the coherence between client resources setting domains = '0' and the ability to delete domains (use 'Delete main domains' instead)
Improved processing speed when deleting domains
Updated SourceGuardian to version 15.0.0 / 15.0.1 (now supporting PHP 8.3)
Debian 12 | Added the PHP extension 'php-redis'
Debian 12 | Improved the visuals around the checkbox on 'Configuration' -> 'Email server' -> 'Blacklist | Email addresses'
Debian 12 | Updated logrotate systemd configuration files (in rare cases they might not have been updated accordingly during the OS upgrade)
Debian 12 | Improved the Rspamd WebUI auto-login feature to handle cases where the page takes longer to load
Security

Check domain setting 'Enforce secure connection' by default when a certificate is selected
Increased the length of the generated password within the UI to 18 characters
New installation | Increased password minimum length to 12 characters
Blocked common search engines and crawlers from accessing KeyHelp
Increased HSTS default setting to 180 days
Block ICMP timestamp requests in firewall rules (only on new installations and when applying new rules)

Fail2Ban

New installation | Enable kh-recidive rule by default
New installation | Enable postfix-sasl rule by default
New installation | Reduced max amount of failed attempts for KeyHelp's default rules
New installation | Added maxretry value of the default SSH rule to keyhelp.local for easier overwriting
New installation | Updated filters 'apache-common' and 'postfix' as they are broken in Fail2Ban versions < 1.1.0
Improved visuals for active Fail2Ban jails and the amount of banned IPs

Updated the parameter for the mastercronjob, instead of --force-<NAME> use --force '<NAME>' or --force='<NAME>'
Separated the content of the 'Resources & permissions' tab on the user administration page into two tabs
Separated the content of the 'General' tab on the account templates page into a 'General / Resources' and a 'Permissions' tab
Improved PHP-FPM configuration file generation and improved readability of the resulting configuration files
Improved Apache configuration file generation and improved readability of the resulting configuration files
Removed unnecessary content from Apache configuration files
Improved the tooltips of all chart graphics (no duplicate content anymore)
Streamlined the date format within the profile settings of SSH keys and WebAuthn records
Streamlined the order of the custom logo settings for the KeyHelp white label and Roundcube settings
Improved the account template overview page and no longer display the 'Show' button on PHP settings if the corresponding settings have no value stored
Improved log records when Apache configuration files are created to make them easier to read
Improved stability in case the main quota disk could not be loaded correctly
Backup

Crashed backup operations are now monitored and set to the status 'canceled' if a crash is detected (applies to backup operations started after the update to 24.1)
A notification email is sent when a crashed backup operation is detected
Added an option to delete canceled operations to the backup troubleshooting page
Added log records and utilizing the 'Messages' column on the backup overview page if databases or email accounts could not be prepared for a backup job

PHP settings

Improved the order of PHP settings fields within the UI to represent their importance
Added new fields for storing overwritable (= php_value) and non-overwritable (= php_admin_value) PHP directives to client PHP settings and account templates page
Removed the field 'Additional PHP settings' from the client PHP settings and account templates page
Added a feature to allow the predefined settings (e.g. memory_limit, max_execution_time, etc.) to be overwritten by client applications by defining them in the overwritable directives input field
Updated the way how sendmail/sendmail_from configuration directives are handled
Improved the default disable_functions to make them more compatible with various web applications

Removed the following functions from the Unlimited account template: highlight_file, show_source, error_log, disk_free_space, disk_total_space, diskfreespace, curl_multi_exec
Removed the following functions from the default account template: highlight_file, show_source, error_log, disk_free_space, disk_total_space, diskfreespace
Sorted the function list alphabetically

PHP interpreter

Improved the visuals on command line usage descriptions to make them easier to find
Added note for keyhelp-php-domain usage
Improved the user interface and optimized the placement of control elements

Added the client permission 'Update contact data' to the list of displayed permissions on the client dashboard and the info box on the user administration page
Deleted the old website statistic directories from the KeyHelp < 23.0 era, where the statistics were generated summarized for all domains of a client - depending on the age and the client count on the server, this may free up multiple GB in storage space (Feature canceled - delete /home/keyhelp/www/keyhelp.webstats/*/deprecated/ by yourself, if you don't need the old Awstats statistics)
Added the display of mounted remote file systems to the disk overview page
Implemented a certificate chain validation warning when the CA certificate does not match the certificate
Improved the readability of the content of the additional PHP directives pop-up
Various smaller improvements of the KeyHelp user interface
Various text and wording improvements throughout the user interface

API Changes

Added new [GET], [PUT], [DELETE] methods to the following endpoints, to allow access of resources by name (e.g., [GET] /clients/name/<USERNAME>)

/admins
/certificates
/clients
/databases
/dns
/domains
/emails
/ftp-users
/hosting-plans
/login

Updates to the endpoint /hosting-plans

Added new sub-fields to the 'php' field as a replacement for the old 'additional_settings' field

Added 'extra_directives_immutable' field for additional immutable PHP directives (= 'php_admin_value')
Added 'extra_directives_mutable' field for additional mutable PHP directives (= 'php_value')
Marked 'additional_settings' field as deprecated

Added new sub-field to the 'permissions' field as a replacement for the old 'change_personal_data' field

Added 'update_contact_data' field
Marked 'change_personal_data' field as deprecated

Added new sub-field to the 'permissions' field: 'delete_main_domain'

Updates to the endpoint /domains

Added new sub-field to the 'security' field as a replacement for the old 'force_https' field

Added 'is_prefer_https' field
Marked 'force_https' field as deprecated

API documentation

Updated OpenAPI documentation format to 3.1.0
Properly marked deprecated fields, so all deprecated fields are now highlighted appropriately in the documentation at https://api.keyhelp.de
Updated the documentation accordingly to the changes within KeyHelp 24.1
Updated openapi.json / openapi.yml files which can be used by external definition parsers
Improved various other aspects of the documentation, such as improved spelling, added notes, updated description texts, improved YAML formatting, fixed issues, and so on

Increased API version to 2.9

Tool Updates

Roundcube 1.6.7
SnappyMail 2.36.3
Restic 0.16.4
Rclone 1.66.0

Vendor Library Updates

Chart.js 4.4.3
Font Awesome 6.5.2
monolog/monolog 2.9.3
phpseclib 2.0.47
Twig 3.10.3
symfony/deprecation-contracts 2.5.3
symfony/polyfill-ctype 1.29.0
symfony/polyfill-mbstring 1.29.0
symfony/polyfill-php80 1.29.0
symfony/yaml 5.4.39

Translations

Updated Brazilian Portuguese (100%) | Thanks to Rogério Borba
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated Dutch (100%) | Thanks to Bas Heijermans & RikkerdNL
Updated English (100%)
Updated French (100%) | Thanks to Chris Mehl
Updated German (100%)
Updated Hungarian (100%) | Thanks to Madarász László
Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Portuguese (100%) | Thanks to ID Digital
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Turkish (100%) | Thanks to Serkan Türkkan

Fixes / Imperfections

Fixed that when adding an existing backup repository but entering a wrong password, at the second try (after the repo has already been created), it will crash because of a wrong function call
Fixed that logs from deleted domains were not deleted as well
Fixed that when the disk space of the '/' partition could not be loaded, an Error 500 was shown and one was not able to log in to KeyHelp
Fixed that on the account template overview, 'open_basedir' was incorrectly labeled as 'upload_open_basedir'
Fixed that the modal pop-up for the 'Delete email account contents' feature was not properly localized and only showed the text in German
Fixed a bug in the error handling routine of the application installer where it tried to access a missing function
Fixed the error 'ERROR | Unknown task. / No operation defined.' that possibly occurred after changing the server hostname
Fixed an issue that on servers with the logrotate timer set to 00:00:00 (which can happen through logrotate software updates, likely Debian), the traffic and Awstats statistics were empty on Saturdays
Fixed that the settings of identities created within SnappyMail were not transferred to the new version during a SnappyMail update within the KeyHelp panel update routine
Fixed improper parameter usage during CSR generation
Fixed that the event messages on the DNS editor page did not correctly indicate that it will take some time to update the configurations

Miscellaneous

Added a new template marco feature (textarea + checkbox) for generating textarea input elements, allowing more possibilities to design upcoming features
Removed multiple occurrences of duplicate code belonging to the 'DKIM DNS record' modal window
Removed the date when the old backup system will be removed from KeyHelp
Replaced content of 'Xmailer' email header of notification emails sent by KeyHelp with 'KeyHelp Control Panel'
Improved the way how stacked icons are generated, allowing more possibilities to design upcoming icons/features
Improved installation routines of components responsible for setting up special-purpose servers
Improved the logic responsible for showing the domain security features on the domain overview page
Updated the tool names and system links to KeyHelp tools within the /bin directory
Updated the handling of string post variables when using the UI and make sure they now always have their line break characters normalized
Marked Russian translation as abandoned
Database updates

Added database relations to the following tables: 'domains_dkim', 'domains_redirect_codes', 'domains_custom_vhost', 'domains_custom_dns'
Updated the column order in the 'php_settings' table to be more in line with the code
Removed outdated settings from the 'settings' table
Renamed the table 'domains_cgi_path' to 'domains_cgi'
Renamed the field 'change_personal_data' to 'update_contact_data' in the 'users' and 'account_templates' tables
Renamed the field 'force_https' to 'prefer_https' in the 'domains' table
Renamed the field 'status' to 'state' in the 'background_tasks' table

Refactorings (performance improvement, implementation of new features, use of modern language features, streamlining, etc.)

Refactored PostfixConfig class
Refactored SingleSignOn class
Refactored ApiKey class
Refactored BackgroundTasks class
Refactored CliMenu class
Refactored SelfStoringObject class
Refactored Disk class
Refactored Domain class
Refactored OperationSystem class
Refactored EmailAccount class
Refactored maintenance task 'Update server services'
Refactored disk space and graph calculations on the admin and client dashboards

24.0 07 February 2024

New Features / Added Content

Added domain owner transfer feature
Added notification webhook feature (each time a notification event occurs, event-relevant data is sent to a webhook URL, where it can be processed further)
Added traffic statistics for domains

Improvements / Changes

Improved the domain creation process by suggesting directories for the domain home directory
Added a new URL for accessing the database administration tool 'https://<DOMAIN>/db'
Enhanced the 'keyhelp_login_data' on new installations by adding access URL and IP to the database section, similar to the KeyHelp section
Updated the Apache error log parser (e.g. on web server protocols) to work with servers that use “remote” instead of “client” in the Apache error log
Improved the 'Login as this user' feature as it now preserves the administrator's theme mode regardless of what theme mode the client is using
Improved the user experience when switching to dark/normal mode - it now stays on the same page where it was triggered and no longer jumps back to the last main page
Revamped the Message of the Day (MotD) feature

Made MotD consistent for Debian and Ubuntu systems
Improved the way the MotD is generated
Enabled the display of IPv6 addresses
Made MotD script configurable (white-label, link a custom login file, decide which login URLs / IPs to display)
Implemented two different views, one for root SSH access and one for client SSH access (hide login file on client access)

Updated the ionCube Loader to version 13.0.2
Updated the SourceGuardian to version 14.0.2 / 14.0.3
Cleaned up and improved the database structure of the KeyHelp database

Changed charset from utf8mb3 to utf8mb4
Changed collation from utf8mb3_general_ci to utf8mb4_unicode_ci
Added relations / improved cascade design for various tables
Adjusted the lengths of database fields for various tables
As a side effect, you will now be able to use emojis in inputs fields 😉👍

Extended the start of anonymization for event log records from 48 hours to 14 days
Hardened calls to system commands (e.g. exec) to handle incorrectly set locales that could lead to non-English system responses and potential command output parser errors
Updated the HTTP headers KeyHelp is sending to no longer reveal the web server it is using (only for KeyHelp Web UI)
Improved screen space usage for screen widths between 769 - 1408px on various pages
Improved the wording on various pages to avoid vertical scrolling
Increased the width of all input pages and therefore improved visual appearances on wider screen resolutions
Moved the default language option out of the language configuration page table, saving horizontal space and making it easier to find
Added the 'Login as this user' feature to the TLS/SSL certificates page
Added a link from the AWStats configuration page to the data privacy page
Added an option to let AWStats determine visitor origin countries and hostnames instead of IPs
The option 'Configuration -> FTP-Server -> Allow only SSL/TLS protected connections' is now set to true by default on new installations
Added a note to the 'Server reboot' page when backup operations are still running
Added UI elements to the web server configuration page to reset web server ports settings to default
Updated the Apache log format section on the web server configuration page
Added UI elements to the web server configuration page to reset Apache log format settings to default
Ensured AWStats can now work with a custom Apache log format
Ensured the web server protocols page can now work with a custom Apache log format
Removed the ability to use email aliases with a different domain name than the email account address; During the update, existing aliases with a different domain became detached email forwarding accounts to the address of the email account
Backup system

Added progress status to restore operations
Improved CLI backup status reports
Improved the process handling of backup processes to be more flexible and easier to use, also fixed some minor issues
Improved the visibility of the provided example configurations for custom backup storages
When still using the old/outdated backup system, its email notifications are not issuing the status 'Warning' even on successful operations; Note, the old/outdated backup management is marked as deprecated
When still using the old/outdated backup system a warning notification is displayed on the KeyHelp dashboard; Note, the old/outdated backup management is marked as deprecated
Improved the description texts on the backup management selection page
Added an email notification when backup operations pile up (indicating a possible issue with the backup system)

Enabled logging of failed authentication attempts in SnappyMail to syslog
Fail2Ban

Implemented a jail for SnappyMail failed authentication attempts in /etc/fail2ban/jail.d/keyhelp.local (only for new installations or dist-upgrades - see /install/templates/fail2ban/jail.d/keyhelp.local for a template to update your server accordingly)
Implemented a jail for MariaDB (if remote access is enabled) failed authentication attempts in /etc/fail2ban/jail.d/keyhelp.local (only for new installations or dist-upgrades - see /install/templates/fail2ban/jail.d/keyhelp.local for a template to update your server accordingly; Debian 10 and Ubuntu 20 may need to update /etc/mysql/maria.conf.d/50-server.cnf and comment out the log_error = line to make this work)
Shortened the name all KeyHelp implemented Fail2Ban jails (e.g. keyhelp-apache -> kh-apache)
Renamed the jail kh-proftpd to kh-ftp
Ensured that the required libraries 'python3-pyinotify' and 'python3-systemd' for Fail2Ban are installed
Added an alternative path to the fail2ban-client binary to the KeyHelp's sudoers configuration file

Debian 12 / Rspamd

Ensured the spam learn cronjob is enabled/disabled according to the settings made within the KeyHelp UI (when dist-upgrade was performed between 1st and 7th November, it may not be enabled)
Cleaned up the system for outdated / no longer needed content in /var/spool/spamassassin/
Cleaned up the /etc/postfix/master.cf for outdated / no longer needed Amavis configuration directives
Rebuilt the directory structure within /var/lib/rspamd/ for future Rspamd extensions
Fixed Rspamd's case-sensitive DKIM lookups
Reworked the method of securing the Rspamd web interface

The interface is now password protected but also allows autologin when being logged into KeyHelp
You have to set an initial password in order to use the web interface
Allows a much quicker access to the web interface
The Rspamd service no longer needs to reboot
The new method is much more secure (especially in shared IP environments)
Removed code complexity and maintenance
The Rspamd web interface can now be accessed without the need to log into KeyHelp first
Added a note and link to the Rspamd external web interface

Re-enabled email address black-/whitelist for Rspamd; On dist-upgraded systems: Your old black-/whitelist settings from before the dist-upgrade are reactivated automatically in the course of the update
Added an option to decide whether blacklisted email addresses should be tagged as spam or rejected

Improved the user interface on the email server configuration page
Updated the way CPU information are collected
Hides the CPU clock speed, if it could not be correctly determined
Added a fallback for processors whose processor label could not be correctly determined
Stopped loading vendor image if CPU vendor could not be correctly determined, resulting in a cleaner look of the dashboard
Added convenient functions to access the processor and core labels
Updated headlines and descriptions for maintenance intervals to make them more uniform and easier to understand
Ensured 'file' is installed for new installations (used for file manager)
Improved the parsing of the mail queue

Improved speed of the mail queue parsing by a factor of up to 200
If an email in the queue has more than one recipient, you can now see the addresses of other recipients, not just one
You can see the total number of recipients an email has
Improved the help section of the mail queue page
Improved formatting of large mail queue count numbers
The warning threshold for numerous emails in the queue has been reduced to 200 (previously 500)
The warning message is now more visible and more consistent to the rest of the KeyHelp UI
Added an email notification that triggers when the amount of emails in the queue reaches the warning threshold

Improved the user experience when using the password input fields while having caps lock enabled
Moved the login notification checkbox from dashboard to profile settings
Enabled login notifications feature also for administrators
Added the option to specify logos for Roundcube when it runs in dark mode (Configuration -> Webmail)
Installed PHP extension gmp
Updated the white label feature

Added the option to specify logos for the KeyHelp user interface when KeyHelp runs in dark mode
Removed the custom 'Product name' option and replaced with 'Replaces occurrences of KeyHelp with the neutral Control Panel' option
Updated the general white label user interface
Updated the current 'Hidden contents' section to 'User interface settings' section
Updated internal names, storage locations, etc. of the elements stored within the white label settings

Updated the CLI badges for error/important messages to be no longer localized (by default), as this results in an inconsistent message output
Added option to clear a mailbox, if it is a forwarding account and consumes above 1 MB disk space
The disk space consumption of a forwarding mailbox is now already displayed when the mailbox consumes more than 1 MB
Updates the visuals on the mailbox consumption for a forwarding mailbox to save horizontal space
Improved the texts for DNS blacklist/whitelist labels to minimize confusion
Updated the notes on the user privileges settings
Updated the redirect target when submitting the 'Email notification -> General settings' form to be more logical
Improved warning message in the extended installation log
Improved various user interface texts and wordings in the English and German base language to be more consistent, easier to read and to comprehend
Improved consistency of multiple email notification texts and subject lines
Updated the KeyHelp cronjobs to use /bin/bash instead of /bin/sh for keyhelp, keyhelp-firewall, keyhelp-monitoring, keyhelp-rspamd-learn, and keyhelp-sa-learn
Updated various string structures for event log records
Protected the postfix email server (MTA) against email smuggling

Debian 10: Uses the short-term workarounds suggested by postfix
Debian 11: Uses the long-term fix suggested by postfix
Debian 12: Uses the long-term fix suggested by postfix
Ubuntu 20: Uses the short-term workarounds suggested by postfix
Ubuntu 22: Uses the short-term workarounds suggested by postfix

Improved database stability when performing long-running tasks (like Backups) on Systems >= Ubuntu 22 & Debian 12
Improved error handling on database startup errors on Systems >= Ubuntu 22 & Debian 12
Used 'System (root)' consistently for all occurrences where resources do not belong to a certain user, but instead belong to the system / the administrators (e.g. SSL/TLS certificates, Bulk operations, Scheduled tasks)
Reduced the number of translations required due to word streamlining and reassignment of strings within the .po files
Reduced possible confusion about which maintenance interval task belongs to which configuration page by adding additional help texts

API Changes

Updated the endpoints '[GET] /domains' and '[GET] /clients/{id}/resources' to now return the traffic accumulated in the current month for the corresponding domain
Fixed the misspelled 'aliases' and 'aliases_utf8' fields on the endpoint '/emails' - the old misspelled fields 'aliasses' and 'aliasses_utf8' are marked as deprecated and should no longer be used
Fixed some spelling mistakes in API documentation
Prevented adding email aliases with a different domain than the domain of the email account
Provided the API definition file now also in JSON format under /api/openapi.json
Increased API version to 2.8

Tool Updates

Roundcube 1.6.6
SnappyMail 2.33.0
Restic 0.16.3
Rclone 1.65.2

Vendor Library Updates

Font Awesome 6.5.1
Chart.js 4.4.1
Twig 3.8.0
CodeMirror 5.65.16
PHPMailer 6.9.1
phpseclib 2.0.46
TinyMCE 6.8.2
symfony/yaml 5.4.35
symfony/polyfill-php80 1.28.0
monolog/monolog 2.9.2

Translations

Updated Arabic (100%) | Thanks to Mohammed Al Shamlan
Updated Brazilian Portuguese (100%) | Thanks to Rogério Borba
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated Dutch (100%) | Thanks to Bas Heijermans
Updated English (100%)
Updated French (100%) | Thanks to Chris Mehl
Updated German (100%)
Updated Hungarian (100%) | Thanks to Madarász László
Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Norwegian (100%) | Thanks to Eirik Sikveland
Updated Polish (96%) | Thanks to Grafidea
Updated Russian (73%) | Thanks to Vladimir Alferov
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Swedish (100%) | Thanks to Marwin Gripenfrost
Updated Turkish (100%) | Thanks to Serkan Türkkan

Fixes / Imperfections

Fixed an issue where the client's theme was updated instead of the admin's when an admin logged in as a client and changed the theme mode
Fixed an issue where the date format of the KeyHelp database and data backup during a KeyHelp update used an incorrect date format
Fixed an issue when using the 'Bulk Operations -> Updating the PHP version of domains and scheduled tasks' where the default PHP version may not get listed in the 'Current PHP version' dropdown
Fixed an email error notification during the spam learning cronjob when no email account exists on the server
Fixed an issue where determining the size of the email queue on the admin dashboard could be too slow when having a large mail queue and preventing the login into KeyHelp
Fixed an issue where the server clock displayed visitors local time instead of the server time
Fixed an error on certificate management page with certificates having a duplicate CommonName property
Fixed some incorrect redirect targets within the KeyHelp UI where the user may have been redirected to the wrong page in case of some edge-case errors
Fixed issues on systems with incorrectly set locale settings and the parsing of various system commands (e.g. swap may not be correctly determined, monitoring may not work properly)
Fixed a PHP notice that may occur during file upload: Trying to access array offset on value of type null” in /home/keyhelp/www/keyhelp/pages/client_file_manager.php on line 450
Fixed a PHP deprecation warning: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in /home/keyhelp/www/keyhelp/core/pending/File.php on line 244
Fixed a PHP deprecated warning when creating a Dropbox backup repository: trim(): Passing null to parameter #1 ($string) of type string is deprecated in /home/keyhelp/www/keyhelp/core/Backup/Storage/BackupStorageConfig/BackupStorageConfigDropbox.php on line 110
Debian 12 / PHP 8.2 | Fixed a PHP deprecation warning: Creation of dynamic property QRencode::$cmyk is deprecated in /home/keyhelp/www/keyhelp/vendor/phpqrcode/phpqrcode.php on line 3266
Debian 12 / PHP 8.2 | Fixed a PHP deprecation warning: Creation of dynamic property PwnedChecker::$numberOfDataBreaches is deprecated in /home/keyhelp/www/keyhelp/core/Security/PwnedChecker.php on line 90
Debian 12 | Fixed that OpenDKIM was installed (OpenDKIM is not needed on Debian 12)
Fixed an issue where the labels of the unban button did not match the modal window texts on the Fail2ban management page
Fixed some issues regarding backups being stopped during execution without an error message

Miscellaneous

Unified PHP package list installed from the pre-installer and the main install routine
Removed unnecessary duplicate Dovecot configuration checks
Adjusted the character input limits in the input field for FTP username
Adjusted the character input length in the input fields for database name & database username
Updated Easter eggs
Updated code structure by updating the association of functions to their corresponding files
Enhanced debug capabilities when KeyHelp is installed/running with debug mode
Updated Debian 12 to be capable of running in full debug mode (dev-server only)
Updated debug panel appearance
Changed the CLI badge label for an important message from 'Important' to 'Attention'
Added more features to help designing KeyHelp's configuration pages
Updated method on how Roundcube custom logo will be configured
Updated the way the Apache default log format is handled
Renamed various internal components to make them universal/independent of the software installed on the server
Updated database tables 'mail_users' and 'mail_aliases'

Renamed table to 'mail_aliases' to 'mail_routing'
Removed unnecessary fields from 'mail_routing' ('id_user', 'id_domain') and updated code accordingly
Updated column structure and order within the 'mail_users' table

Refactorings (performance improvement, implementation of new features, use of modern language features, streamlining, increased flexibility etc.)

Refactored Backup restore & process handling
Refactored Events class
Refactored BasicEnum class
Refactored BasicStorage & its derived classes
Refactored FileAccess class
Refactored FileTypeCategory class
Refactored ServerEmailAliases class
Refactored Curl class
Refactored Cloudflare class

23.2.1 30 October 2023

Improvements / Changes

Added ability to open files with mime type 'application/javascript' via file manager
The email notification 'A client has updated its contact details' is now also sent when clients have updated their email address
Debian 12 | Added spam-learning for Rspamd and corresponding option field for 'Configuration -> Email Server'

Tool Updates

Roundcube 1.6.4

Vendor Library Updates

phpseclib 2.0.45

Translations

Updated Dutch | Thanks to Bas Heijermans
Updated English
Updated French | Thanks to Chris Mehl
Updated German

Fixes / Imperfections

Debian 12 | Fixed an issue where the wrong template was used for the Apache configuration file keyhelp.conf, which caused the Rspamd web interface to stop working after a rewrite of keyhelp.conf was triggered (already fixed since KeyHelp build 23.2.0.3097, mentioned here only for completeness)
Debian 12 | Fixing a 'PHP deprecated notice' when performing Ajax requests on systems upgraded from Debian 11 to 12
Debian 12 | Fixed the error that occurred when using the Rspamd web interface and the 'Scan/Learn' feature
Fixed that the checkbox under 'Configuration -> Support Access' was incorrectly displayed as enabled, although support access was not enabled
Fixed that with certain browser window sizes, the input fields under 'Configuration -> Service/Port Monitoring on Dashboard' were displayed too small

Miscellaneous

Updated KeyDisc Pro Logo
Hidden 3 more Easter eggs
Implemented new method to allow more variation in the display of Easter eggs
Updated component names displayed during the installation routine

23.2 28 September 2023

New Features / Added Content

Added support for Debian 12
Only Debian 12 | Complete rework of the email server system -> now using Rspamd (etc.) instead of Amavisd (etc.)

Amavis, Spamassasin, OpenDKIM are no longer needed and therefor not installed anymore
Switched DKIM signing from OpenDKIM to Rspamd DKIM signing
Detected viruses in emails are now tagged with '***VIRUS***' instead of '***INFECTED***'
The 'keyhelp-toolbox' utility in 'Show system information' now shows Redis and Rspamd (if installed) and omits Amavis and Spamassasin (if not installed)
UI changes in the admin area

Added 'Rspamd Web Interface' to 'System Status'
Added Rspamd and Redis to 'System Status -> Monitoring'
Added Rspamd and Redis to 'System Status -> Server Service Management'
Added Rspamd and Redis to 'Applications' on the dashboard
Removed the 'Train spam filters' input field from 'Configuration -> Email Server'
Removed the 'Spam filter black/white list' input fields from 'Configuration -> Email Server'
Removed the 'Protection measurements for catch-all email accounts' input field from 'Configuration -> Email Server'

UI changes in the client area

Removed the 'Check incoming emails for viruses' input field from 'Email Addresses -> Add/Edit'
Removed the 'Check incoming emails for spam' input field from 'Email Addresses -> Add/Edit'
Removed the 'Spam score' input field from 'Email Addresses -> Add/Edit'

Added support for logging in with a WebAuthn device
DKIM selectors for domains can now be changed and set individually
Added Hungarian translation - Thanks to Madarász László

Improvements / Changes

Added compatibility with PHP 8.2
Added the new placeholder <DKIM_RECORD_HOST> (including the DKIM selector) to the DNS editor
Added the 'DKIM DNS record' pop-up window trigger to the host column of the DNS editor when the record uses <DKIM_RECORD_HOST> as the host value
Added the current 'DKIM host' value (including the DKIM selector) of the selected domain to the 'DKIM DNS record' pop-up window (accessible via 'Domains' overview or DNS editor)
Updated existing custom DNS settings that used the default DKIM host value 'default._domainkey' with the new <DKIM_RECORD_HOST> placeholder
The default webmail and database administration software URLs are now relative instead of absolute URLs containing the hostname; this allows access to these tools via an IP address if the hostname is not reachable
The 'Service/port monitoring' on the admin dashboard now supports monitoring UDP ports as well
Improved the column order of the 'Service/port monitoring' on the admin dashboard
Added the protocol information to the port column in the 'Service/port monitoring' on the admin dashboard
Added the protocol information to the port in the 'keyhelp-toolbox' utility under 'Show system information'
Clients can now enable login notification emails for their account through the KeyHelp dashboard
Added the new 'A client has successfully logged in' template to the 'Configuration -> Email Notifications' page
Added the ##date_time## placeholder for use in custom email notification texts on the 'Configuration -> Email Notifications' page
Improved accessibility by enhancing the top right user menu for keyboard navigation
Added additional important descriptions and notes to the 'Configuration -> Hostname' page
Updated the validation for database names and database usernames to be less restrictive
Updated the wording of some technical terms to be consistent with new features of this update
Activated Sieve email filtering for SnappyMail
Updated the account template dropdown on 'User Administration -> Add/Edit' to better reflect that it does not indicate the currently active account template
Enhanced the 'Server Status -> Server Service Management as follows:

Added detailed information about the service status, accessible via the 'Details -> Show' button
Service status is now gathered asynchronously
Improved the labels, descriptions, tooltips, etc.
Updated the order of the services to be more logical
Added the 'Category' column

Added a domain search for 'Client area -> Statistics -> Domain statistics'
Removed the hierarchy in the domain dropdown on the 'Client area -> Statistics -> Domain statistics' as it was rather confusing to look at
Added a hint to use the CLI utility 'keyhelp login' after the installation routine has finished
Added CPU clock speed to the CPU information on the admin dashboard
Added CPU clock speed to the CPU information in the CLI utility keyhelp-toolbox
Added an option to the CLI utility keyhelp-toolbox: 'Rewrite KeyHelp configuration files (Apache, Bind9, PHP-FPM)'
Added a new Backup troubleshooting operation 'Repair index'
Improved KeyHelp UI page load speed and responsiveness by 2 - 3% (continuing the work on speed improvement that started with KeyHelp 23.1)
Showing KeyHelp Pro features on the 'Configuration' page - however, they cannot be accessed
Added a proper footer line to the 'Configuration -> Languages' page, showing the number of available languages
Removed the auto-restart of OpenDKIM after a reboot (it was a workaround for Ubuntu 16.04 and is no longer needed)
Added a deprecated note to the old backup system on the backup selection page
During the update process, if the old backup system is not used and has not been used, the option 'Show alternative backup management' page is set to disabled
Streamlined the translations for applications on 'keyhelp-toolbox -> Show system information', 'Admin dashboard' and 'Server Status -> Server Service Management'
Streamlined the 2-factor-authentication tab with other tabs of the users profile page
When adding a new record in the DNS editor, the focus is set to the first input field of the new record line
Updated the DNS editor description texts and layout, highlighting the available placeholders, etc.
Updated the DNS editor visuals when the DNS is disabled for a domain
Improved the email log viewer on 'System Status -> Mail log', which now uses journalctl to collect log records
Previously, shortly after rotating the /var/logs/mail.log, the email log viewer would not have been able to show all records it potentially can - now by using journalctl, this can no longer happen
Bulk operations now use a more user-friendly approach to specify the scope of the operation
Bulk operations now indicate when 'System (root)' is a valid option for the scope option
Removed the unnecessarily complicated 'All except the following user accounts' option from bulk operations scope dropdown
Updated the labels/description texts for the domain email options, to minimize possible confusion
Roundcube now logs failed login attempts to syslog/journal instead of its own log file
Only on new installations | Enabled Fail2ban jails for Roundcube, Postfix, Dovecot, ProFTPD by default
Only on new installations | Updated Fail2ban jail 'keyhelp-phpmyadmin' to work with the systemd backend
Web server logs on 'Domains -> Show logs' now shows 500 entries per access.log and error.log instead of just 300
Added 'Show client ID' to 'User Administration -> Customize view' which adds a new column containing the client ID
Added the client ID as a searchable parameter for 'User Administration -> Viewing options'
Added the client ID on the delete confirmation page of the clients
File manager now highlights .wsdl files in the overview and adds XML syntax highlighting when editing these files
Setting the default value for the php-fpm configuration option 'soap.wsdl_cache_dir', which now points to the /home/users/<USERNAME>/tmp/ directory
Improved traffic statistic calculation and now using journalctl for Dovecot and Postfix traffic collection
Only in admin area | Moved all options regarding email to the new tab 'Email'
Added a cleanup job for the Roundcube user database, which deletes email accounts no longer existing on the server from the Roundcube database
Added a new bulk operation feature: 'Override the DNS TTL of all domains'
The CLI utility 'keyhelp db-login' now also provides an auto-login URL for access via the IP address
Updated IonCube loader to version 13.0.1
Updated the order of menu items on the 'Configuration' page to be more logical
Updated the order of menu items on the 'System Status' page to be more logical
Only on new installations | The password for the 'mysqladmin' database user is now 32 characters long (use the 'keyhelp db-login' command as a more convenient alternative for logging in)
Moved the 'Prohibited Domain Names' link from the main navigation to the 'Configuration' page
Improved the display of installation parameters in the installation menu
Enhanced debug capabilities for KeyHelp when running in development mode
Improved the display of the configuration parameters in the email account's connection data pop-up window
Only on new installations | Ensured that the /etc/sudoers file has the correct settings during the installation routine
Only on new installations | ProFTPD now logs failed login attempts to syslog/journal instead of /var/log/proftpd/proftpd.log
Improved the display of disk space, memory, and swap consumption on 'keyhelp-toolbox -> Show system information'

API Changes

The endpoint '[GET] /server' (property: 'meta') now shows whether the server is running KeyHelp Pro
The endpoint '[GET] /server' (property: 'ports') now shows the protocol (tcp/udp)
The endpoint '[GET] /server' (property: 'components') now shows Redis and Rspamd (if installed) and omits Amavis and Spamassasin (if not installed)
The endpoint '[GET/PUT/POST] /domains' now allow querying and setting a domain's DKIM selector
Improved error messages for endpoint '[POST] /ftp-users', instead of informing about missing uid/gid, now the reason for this is better explained and what to do
Improved API documentation, added documentation of sorting parameters, corrected spelling and punctuation errors
Fixed the endpoint '[POST] /ftp-users' where the error message 'You are not allowed to create new directories at this level of the directory hierarchy.' was issued too early
Bump API version to 2.7

Tool Updates

Roundcube 1.6.3
Snappymail 2.28.4

Vendor Library Updates

Restic 0.16.0 (Improvement: Memory consumption reduced by 25%)
Rclone 1.64.0
Font Awesome 6.4.2
Chart.js 4.4.0
Twig 3.7.1
CodeMirror 5.65.15
PHPMailer 6.8.1
phpseclib 2.0.44
jQuery 3.7.1
TinyMCE 6.5.1
Handlebars 4.7.8
symfony/yaml 5.4.23
symfony/polyfill-mbstring 1.28.0
symfony/polyfill-ctype 1.28.0

Translations

Added Hungarian translation | Thanks to Madarász László
Updated Brazilian Portuguese (100%) | Thanks to Rogério Borba
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated Chinese (traditional) (100%) | Thanks to Wu Ru Kang
Updated Dutch (100%) | Thanks to Bas Heijermans
Updated English (100%)
Updated French (100%) | Thanks to Chris Mehl
Updated German (100%)
Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Norwegian (100%) | Thanks to Eirik Sikveland
Updated Portuguese (100%) | Thanks to ID Digital (Marco Ferreira)
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Swedish (100%) | Thanks to Marwin Gripenfrost
Updated Turkish (100%) | Thanks to Serkan Türkkan

Fixes / Imperfections

Fixed an issue where the asterisk on the database overview page (displayed whenever a database name/username needs to be enclosed in backticks) caused the database's description text to have a font size that was too small
Fixed an issue where in some places the asterisk for required input fields was displayed both in the labels and in the help text
Fixed a PHP warning when trying to apply an account template to a user account with invalid request parameters (-> improved this feature regarding input validation, added indicator when something invalid was passed)
Fixed that input sanitization was not applied to input fields on 'Configuration -> Service/Port Monitoring on Dashboard'
Fixed the icon for an invalid/unknown backup type on the backup overview
Fixed that when performing the 'Unlock repository' backup operation, the end time was not saved and therefore the duration of the operation was not displayed when hovering the mouse cursor over the 'Started on' column on the backup overview page
Fixed that the 'Configuration -> Restricted SSH environment' page could be accessed without KeyHelp Pro
Fixed the update installation of the additional PHP interpreters, which in rare cases could result in the PHP interpreter not being updated/installed and thus completely removed from the server
Fixed an issue that occurred around the turn of the year in 'System Status -> Mail Log' that caused records from the previous year to be listed with an incorrect date
Fixed email domain settings where the 'Domain can be used exclusively for sending emails' checkbox remained visible and retained its status when the domain type was changed from the main domain to a subdomain
Fixed a PHP deprecated warning when calling the API without specifying an endpoint
Fixed the order when sorting by the 'Banned since' column in 'Fail2Ban Management'
Fixed an error that could occur when terminating a phpMyAdmin session when being logged in using the KeyHelp database auto-login feature
Fixed the error message 'You are not allowed to create new directories at this level of the directory hierarchy' being issued too early when a new FTP user should be added and the corresponding system user was not yet fully set up
Fixed the dovecot error 'Command output: doveconf: Fatal: Error in configuration file /etc/dovecot/conf.keyhelp.d/10-ssl.conf line 4: ssl_ca: Can't open file /etc/ssl/keyhelp/mail-ca.crt: Permission denied' by removing the ssl_ca configuration option from /etc/dovecot/conf.keyhelp.d/10-ssl.conf
Fixed the issue where HTTPS vhost containers were not generated for domains marked as disabled - accessing such domains would result in a '404 Error' page instead of redirecting to the specified 'Domain not found' URL
Fixed an issue where the monitoring cron job could send an email with error messages like 'file_get_contents(/proc/<PID>/stat): failed to open stream: No such file or directory' when trying to collect data from an already terminated process

Miscellaneous

Streamlined various database table column types of the KeyHelp database
Renamed database column names and PHP function names to indicate that the corresponding features are independent of the software on the server in preparation for upcoming features
Updated the welcome message on the admin dashboard
Refactored and improved the logical order of the main update cron job
Renamed the database table 'domains_log_analyzer' to 'domains_traffic_collector'
Improved code and comments quality
Renamed 'DNS Zone Editor' to 'DNS Editor' throughout the UI
Lowered the license grace period to 7 days
The values in the database table 'domains_custom_dns' are no longer stored in the PHP serialized format, instead they are now stored using JSON format
Added a separate Bind server config update job to the update cron job (previously it was bundled with server and client configs update)
Added a separate PHP-FPM server config update job to the update cron job (previously it was bundled with server and client configs update)
Removed obsolete functions
Improved the template structure of the login page
Removed the double slash in the URL when accessing the webmailer on the 'Client area -> Emails' page
Added a new DKIM management system and a new DKIM manager for systems using Rspamd
During a hostname change, the custom access URLs for webmail and database administration are now no longer updated; Custom access URLs, which contain the old hostname need to be updated manually
Removed Ubuntu 18 from the list of supported systems

Prevents installation on Ubuntu 18 systems
Removed deprecated Ubuntu 18-specific code
Removed workarounds and code maintained for compatibility with PHP 7.2
Utilized various features of newer PHP versions that could not be used until now

Refactorings (performance improvement, implementation of new features, use of modern language features, streamlining, etc.)

Refactored DatabaseAutoLogin class
Refactored KeyHelpInstaller class
Refactored SetupConfig class
Refactored InstallLog class
Refactored ResticSoftware class
Refactored RcloneSoftware class
Refactored ClientTraffic class
Refactored AwstatsManager class
Refactored CPUInfo class
Refactored Fail2BanClient class
Refactored TwigRenderer class
Refactored VersionNumber class
Refactored OpenDKIM class
Refactored TlsProtocols class
Refactored *LogAnalyzer classes -> TrafficCollector* classes
Refactored LogViewer* classes and added a class for Journalctl

23.1.1 09 May 2023

23.1 04 May 2023

New Features / Added Content

Added round-the-clock monitoring and graphs for various system metrics (requires KeyHelp-Pro)
Added Snappymail as a new webmailer alternative
Added socket status / port usage overview page (a representation of commands like 'netstat -tulpen' / 'ss -tulpen')
System mail log can now be monitored in real time from the user interface
Portuguese translation added - Thanks to ID Digital (Marco Ferreira)

Improvements / Changes

Added a nice value (= lowered priority) to the SpamAssassin learn cron job
Added columns to show nice and priority values for processes on the process manager page
Added an additional vhost container for an HTTPS to HTTP redirect if no HTTPS container exists (= domains without SSL certificate)
Moved all status/statistics menu items within the main navigation and combined them under the new menu item 'General -> System Status'
Updated the monitoring and eventual restart (in case of an error) of the Amavis service from every 12 hours to now every 6 hours
Improved the way real-time monitoring of Apache server status and domain logs works to be more suitable and more efficient for logs with a high number of new records per second
When attempting to access KeyHelp files via the web that need to be executed via CLI, a 403 HTTP error is issued and the error message has been formatted to be readable in the web context
The KeyHelp Toolbox now shows whether a server restart is recommended
Updated file structure in KeyHelp home directory
Improved parsing of Apache error.log files for IPv6 addresses and ports
Simplified overview table of domains and saving some vertical space
Simplified overview table of user administration and saving some vertical space
Added option to allow email domains for email sending only
Unified the way how paths are displayed in the overview tables (domains, FTP users, directory protections)
Adding the option to quickly access the assigned directory in the file manager for domains, ftp users, directory protection pages in the client area of KeyHelp
Updated the order of the directory protection columns to better match similar pages
Improved the way the icons are generated by the template engine and added new features
Improved the KeyHelp autoloader and boosted the page loading speed by 2.5 - 5% (further improvements of up to 10 - 15% are possible with upcoming updates)
Added display of disk space reserve on admin dashboard
Improved readability for scheduled tasks in dark mode when the command type is PHP
Displays PHP interpreter version number of the scheduled task on overview page if command type is PHP
Updated the features and flexibility of the template macro element 'Tag'
Updated the Select form element to allow full button customization when used in combination with a button
Improved method for checking for open ports on the admin dashboard (allows UDP ports to be checked with a later release)
In the server service management, the time synchronization service Chrony is displayed, if installed
Improved Apache server status, real-time monitoring now visually consistent with other pages with this feature
Updated various icons to make them more meaningful
Removed redundant duplicate 'Back to overview' button on the 'Web Server Logs' page
Updated SourceGuardian loader to version 14.0.1
The bulk operation 'Update PHP Version' now also updates the PHP interpreter version for scheduled tasks
Improved icon colors for various icons to create a more pleasant overall appearance
Shows the usage of each PHP interpreter by PHP-FPM configuration files, by domains and by scheduled tasks
Moved all items from the Automation tab during client creation/editing to the new Advanced Settings tab
Moved the Suspend Account checkbox to the Advanced Settings tab
Moved all items from the Automation tab during domain creation/editing to the new Advanced Settings tab
Moved the Disable domain checkbox to the Advanced Settings tab
The restriction for FTP accounts that their home directories must be below /www/ or /files/ has been removed (one can now grant access to FTP accounts that can access the entire home directory)
Added information since when and how long an IP is banned to the Fail2Ban management (not for Ubuntu 18 / Debian 10)
Improved the way unavailable domains / non-existing domains are handled on the server, also removed some workarounds in KeyHelp in the process, resulting in a slight performance optimization
Improved creation of new system user accounts - e.g. when errors occur in the quota system, the uid/gid of a user account is now set in the database, which results in a user account being fully usable, as opposed to when the same thing occurred in previous releases
On the statistics page in the client area you can now see the traffic distribution of the last 6 months in the traffic statistics
Improved and streamlined various labels, description texts and event messages to make them more useful and helpful
Email queue

Added option to flush email queue
Added display of email headers
Added new status column that shows in which queue the email is currently held
Improved table structure and column order

File manager

The exchange directory required for various file manager operations is now checked for file remnants every 3 hours and cleared if necessary
Changed order of 'Directory / Empty file' in 'File manager -> New' pop-up - also the directory is now preselected
The UI element that shows the current file system position is now also displayed when viewing and editing files
Improved the way the UI element for current file system position is generated by the template engine
Improved some potentially misleading labels and description texts
Allows viewing and editing of files with the mime type 'application/octet-stream'
Prevents changing file properties for files at the root level of the home directory

Backup

Added KeyDisc as backup storage type to allow easier integration of KeyDisc remote storages
Added option to backup schedules to start them immediately
Added hint on how to use the asterisk character in the 'Files and directories' input fields when creating backups

PHP-Interpreters

Prevent PHP interpreters from being uninstalled when used for scheduled tasks
Removed redundant information from the 'Configuration -> PHP Interpreter' tables and saved some vertical space

API Changes

Added the is_email_sending_only field to the /domains endpoints
The /ftp-clients endpoint can now be used to create FTP users that can access all directories of the user's home directory (previously only the directories /www/ or /files/ and their subdirectories were allowed)
Bump API version to 2.6

Tool Updates

PhpMyAdmin 5.2.1
Roundcube 1.6.1 (not for Ubuntu 18)
Snappymail 2.27.3 (not for Ubuntu 18 / Debian 10)

Vendor Library Updates

Restic 1.15.2
Rclone 1.62.2
Font Awesome 6.4.0
Chart.js 4.2.1
Twig 3.5.1
CodeMirror 5.65.12
PHPMailer 6.8.0
phpseclib 2.0.42
jQuery 3.6.4
symfony/yaml 5.4.21
TinyMCE 6.4.2
monolog/monolog 2.9.1

Translations

Added Portuguese translation - Thanks to ID Digital (Marco Ferreira)
Updated Arabic (100%) | Thanks to Mohammed Al Shamlan
Updated Brazilian Portuguese (100%) - Thanks to Rogério Borba
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated Dutch (100%) | Thanks to Bas Heijermans
Updated English (100%)
Updated French (100%) | Thanks to Chris Mehl
Updated German (100%)
Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Norwegian (100%) | Thanks to Eirik Sikveland
Updated Polish (100%) | Thanks to Grafidea
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Turkish (100%) | Thanks to Serkan Türkkan
Updated Swedish (100%) | Thanks to Marwin Gripenfrost
Marked Indonesian as abandoned

Fixes / Imperfections

Fixed a JavaScript error that occurred when using the Firefox/Safari browser and trying to submit the form with the general email notification settings
Fixed a JavaScript error that prevented the email notifications test email from being sent with certain browsers versions
Fixed an installation error in the Dovecot component when reinstalling KeyHelp on an already installed KeyHelp system
Fixed installation error / hanging installation routine in the Bind9 component when a modified /etc/init.d/bind9 file already existed on the server
Fixed an issue on the firewall user interface with positioning of firewall rules for outgoing traffic
Fixed sorting issue with case sensitivity of directory names on disk usage page
Fixed that the additional information icon was displayed on the email queue page even if no additional information was available
Fixed that the 'Go to Download' button was hidden on the domain web server logs page
Fixed incorrect redirection URL when no checkbox was ticked on the bulk operations page 'Rewrite user configuration files'
Fixed that .csv files / files with the mime-type 'application/csv' could not be viewed with the KeyHelp file manager on Debian systems
Fixed that a spacer icon took more vertical space than a normal icon, which caused table rows with a spacer icon to be displayed 10-20% larger and resulted in a disharmonious appearance
Fixed incorrect command type labeling on the confirmation page for deleting scheduled tasks ('Run PHP script' was labeled as 'Call URL' and vice versa)
Fixed a PHP warning on the active session page when an FTP username '(none)' was present
Fixed showing/hiding the asterisk character for input fields when no label was set and only the help text was displayed
Fixed an issue with DNS that caused AXFR requests to be answered
Fixed that when deleting an FTP user, the absolute path of the home directory on the server was displayed instead of a relative path
Fixed that the form fields that control the scope of a bulk operation were not displayed
Fixed that if only non-existent usernames were entered in the form fields in the area options on the bulk operations page, the operation was performed for all users instead of for no user
Fixed that on active session page, when there are connections from multiple IPs below 'Email Server Sessions', the Whois tool could not be used to receive more information about one of the IPs
Fixed a JavaScript error that occurred when logged in to the client area with 'Brazilian Portuguese', 'Chinese traditional' or 'Chinese simplified' selected as language, causing various dynamic features in the user interface to not work properly
Ubuntu 22

Fixed a PHP deprecated notices when trying to set up an SFTP backup remote store with an empty host
Fixed a PHP deprecated notices when trying to set up an SFTP backup remote store with an empty user
Fixed a PHP deprecated notices when calling the path sanitization routine with an invalid path

Miscellaneous

Refactorings (implementation of new features, use of modern language features, streamlining, etc.)

Refactored LogParser class
Refactored MailQueue class
Refactored Autoloader class
Refactored Users class
Refactored FtpWho class
Refactored Process class
Refactored ProcessManager class
Refactored Backup storage setup JavaScript components
Refactored file system functions
Various other code improvements

Updated database structure and field names for various database tables
Updated the way system domains are created
Updated IP addresses for support access SSH keys
Improved ability to have a non-development server switch to full error reporting
Updated options to setup development servers
Implemented various smaller improvements for template elements

23.0 19 January 2023

New Features / Added Content

Implementation of 'One web server log per each domain/subdomain'

Before, web server logs were maintained per client account, now there is one access and error log per each domain/subdomain
Removed the 'View web server logs' button from the domain page, instead added an icon in the 'Options' column to access the logs of the individual domains
Web server logs can now also be accessed from the KeyHelp admin area
Acceleration of the logrotate operation by overhauling the whole statistics generation process (previously, depending on the number of domains, up to half an hour, now a few seconds)
Awstats statistics are now also generated per domain/subdomain instead of per user
Updated the UI update on the client statistics page

Added a new command to the CLI utility 'keyhelp': 'keyhelp db-login' to instantly log in to phpMyAdmin / Adminer via URL
Added DNS record lookup tool

Improvements / Changes

Backup

Added compression feature for new repositories created with KeyHelp >= 23.0 (compression is automatically enabled for all new repositories)
Added option to specify CPU usage of the Restic application under 'Configuration -> Backup'
Added hourly backup interval
Added a display where you can see the start/end time and duration of a backup event, just hover over the 'Starts on' column
Reduced the launch window for scheduled backups from 1 hour to 5 minutes (only affects the first run)
The email notification of the old backup system now uses the same template as the new backup system

Quota

One can now see the number of files a client account currently has and the maximum number of files that can be stored
Before, the maximum file count of an account was a value not displayed in the UI that could only be influenced by changing the disk space value of that client, now you can configure it under 'Configuration -> Quota'
One can globally disable the maximum number of files, regardless of the allocated disk space of the clients
The current/maximum files can be viewed via the user administration page (Use 'View options' to toggle the visibility)
The current/maximum files can be viewed via the client dashboard
Complete overhaul of the quota management system
A warning is displayed on the client dashboard when the client has reached 90%/100% of its maximum number of files
An email notification is sent when the client exceeds the 90%/100% of the maximum available files
The default average file size used to calculate the maximum number of files has updated from 6 KB to 8 KB | For new installations only

Improved UI and descriptions for 'Email Addresses of Server Domain'
When the one-click installation is run in debug mode, all install parameters are now displayed (previously this was only the case on development systems)
Improved the database layout for certain tables in the KeyHelp database
Complete overhaul of the HTTP variable handling system, with better input validation, improved security, etc.
Added a link to the email design template on the email notifications page
Extended the view options for the user administration page, added more columns to show/hide
Updated the 'Message of the Day' | Only for new installations
Improved UI when setting up an external SMTP server for email notifications
Removed the space between /www/ and the domain target on the domain overview page
Improved the way domain redirects are displayed on the domain overview page
Added a message when trying to install the unsupported additional PHP interpreters for aarch64/arm64 systems
Updated the RAM drive configuration user interface to be more consistent with the rest of the KeyHelp user interface
If swap is disabled on the server, the corresponding information on the admin_dashboard are now hidden
The settings for PHP/PHP-FPM are now displayed on the account template overview page
Added a link to 'Log in as client' in the user column of the event logs in the KeyHelp admin area
Added service/port monitoring to 'keyhelp-toolbox -> Show system information'
Updated the log format and improved readability of the 'Calculate disk space' cron job
Updated the log format and improved readability of the 'Update statistics' cron job
To ensure maximum compatibility, application installations are now always performed using the PHP version of the selected domain
Removed quotes around the DKIM record value in 'For insertion into web forms (e.g. Cloudflare)' in the DKIM export window of the domain
Added file type indicator icons for .avif, .cfg, .yml, .yaml, .jfif, .h and configuration files in general
Removed obsolete JavaScript library 'moments.js', now native JavaScript solutions are used (speed and request improvements)
Updated the column 'Actions' to 'Options'
Updated ionCube loader to version 12.0.5
SourceGuardian is now installed and enabled for the default PHP version of the operating system
Added SourceGuardian to the secured shell environment
The logs of the old backup system now show better human-readable byte values instead of just Megabytes
Improved UX when refreshing the admin_accounts_client page (F5) and having used the search function before
Improved installation UI when installing components
Improved formatting for large values in the usage indicator (progress bar + numbers)
Improved formatting for large values in the 'User Information' box on the user administration page
Improved formatting for CPU usage when using the keyhelp-toolbox utility
Implemented a system that checks for misplaced placeholders in translation files before each new KeyHelp update
Various text and wording improvements throughout the user interface
Improved the way required PHP extension libraries are determined for the secured shell environment
Improved error handling in case of SQL errors on Ubuntu 22 systems
Email notifications

Added an email notification when a client account is suspended or unsuspended
Added an email notification when a client account has reached 90%/100% of its available file count
The text and placeholders of the antivirus email notification have been improved to better align with the backup email notifications
Improved explanation of the different placeholders that can be used in email notifications
Email notification texts have been streamlined in terms of wording, paragraphs, etc. to improve readability, make information easier to find and be more appealing when combined with the email design template
All custom settings belonging to the no longer used email notification template for the old backup system have been removed

I18n

Complete overhaul of the i18n systems responsible for KeyHelp selecting the correct number/date formats and other language specific characteristics depending on the selected language
Removes a lot of potential confusion for translators overall, as translations previously contained not only text but also some logical parts
Ensures that all number/date formats/etc. are always correct for the selected language
The new system offers more features and is much more flexible than the old system
Speed improvements over the old systems (10x faster)
With the new system, a lot of strings that previously had to be translated could be removed, reducing the number of words that had to be maintained by translators

API Changes

Adding the component 'ports' to the [GET] /server endpoint showing the services/ports monitoring
The endpoint [GET] /clients/<ID>/stats now also provides the field 'files' showing the current and maximum values for the number of files
Fixed that the endpoint [GET] /clients/<ID>/stats incorrectly returned the maximum traffic value as string instead of integer
Bump API version to 2.5

Vendor Library Updates

Restic 1.14.0
Rclone 1.61.1
Font Awesome 6.2.1
Chart.js 4.1.1
Twig 3.5.0
CodeMirror 5.65.11
PHPMailer 6.7.1
phpseclib 2.0.41
jQuery 3.6.3
symfony/yaml 5.4.17
symfony/polyfill-ctype 1.27.0
symfony/polyfill-mbstring 1.27.0

Translations

Updated Brazilian Portuguese (100%) - Thanks to Rogério Borba
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated Chinese (traditional) (100%) | Thanks to Wu Ru Kang
Updated Dutch (100%) | Thanks to Bas Heijermans
Updated English (100%)
Updated French (100%) | Thanks to Chris Mehl
Updated German (100%)
Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Norwegian (100%) | Thanks to Eirik Sikveland
Updated Polish (100%) | Thanks to Grafidea
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Swedish (100%) | Thanks to Marwin Gripenfrost
Updated Turkish (100%) | Thanks to Serkan Türkkan

Fixes / Imperfections

Fixed several misplaced placeholders in the email notification templates for certain translations
Fixed that when adding/editing a domain and entering an invalid URL in the 'Domain target -> Forwarding -> Destination address' field, the form could not be submitted when switching to 'Domain target -> Local directory'
Fixed the error message 'too_many_requests' that could occur when using a highly utilized Dropbox repository for backups
Fixed that the backup did not contain the client's tmp/ directory (not the contents), which could lead to errors when restoring a client whose tmp/ directory was missing
Fixed missing error message when there was an error with the CSR when adding a new certificate/CSR
Fixed glue record configuration in the KeyHelp DNS config file for the following cases: 1x IPv4 + 1x IPv6; 1x IPv4 + 2x IPv6; 2x IPv4 + 1x IPv6 | Only for new installations
Fixed that if a client was named 'admin', the quota for that user could not be updated
Fixed that after renaming the server hostname and using the database auto-login feature to access phpMyAdmin, it was no longer possible to log out of phpMyAdmin correctly
Fixed that ##old_contact_details##/##new_contact_details## were not listed in the placeholder declaration
Fixed that file manager permission was displayed on client dashboard even if the file manager was globally disabled
Fixed that the PHP mods 'charset' and the 'timestamp' were not enabled for PHP-FPM in some cases
Fixed an issue during installation when the 'locales' package was not installed on the server
Fixed Awstats statistics being generated in English instead of the appropriate languages (Affected languages: SV, pt_BR, zh_TW, zh_CN)
Fixed that Awstats statistics page title was always in English
Fixed that when selecting 'Delete entire directory content' in the application installer, hidden files and folders were not deleted
Fixed incorrectly localized byte value separator in 'keyhelp-toolbox -> Show system information'
Fixed incorrectly localized byte value separator in email notification 'A client has exceeded the traffic limit in the current month'
Fixed incorrect placeholder ##username## instead of ##client_username## in the subject of the email notification 'A client has exceeded the traffic limit in the current month'
Fixed missing syntax highlighting for .yml files in file manager
Fixed that the login throttling feature did not work when KeyHelp was running in demo mode
Fixed incorrect use of placeholders in the Dovecot 10-ssl.conf template file
Fixed a PHP notice on the login page
Fixed an issue on the disk overview page causing a PHP deprecated notice in certain cases
Whois Tool

Fixed that complete records are now displayed instead of combined/reduced ones for certain IPs (e.g. 8.8.8.8)
Fixed encoding issues when the response contained special characters such as umlauts
Fixed an error that occurred when querying an IP whose Whois server does not use the UTF8 character set and uses special characters

Ubuntu 22

Fixed that Ubuntu 22 could freeze during installation of the 'SSH' component in certain cases
Fixed that a certificate signing request could not be generated
Fixed ERROR 500 on the disk overview page when using certain file systems
Fixed that when setting remote access for the database, it only worked for IPv6 instead of IPv4 and IPv6 (changed behavior in MariaDB >= 10.6)
Fixed that when calling a PHP script within the secured shell environment, an error could be issued about a missing librt.so.1
Fixed some PHP deprecated notices when using PHP 8.1 within the KeyHelp codebase

Miscellaneous

Updated various names in the settings table of the KeyHelp database
Removed various table columns from KeyHelp database that are no longer needed
Updated log format for KeyHelp logs
Preparatory work for an upcoming web server update to provide alternatives to Apache
Updated names ('user' -> 'client') of EmailEventTypes within code and corresponding database tables
Unified the way viewing options were handled by the template engine, removed duplicate code and laid the groundwork for upcoming updates
Refactorings (implementation of new features, use of modern language features, streamlining, etc.)

Complete refactoring of the way statistics generation is done via Awstats
Refactored and unified the way how KeyHelp deletes files and directories
Refactored CLI class
Refactored Byte class
Refactored VirusSignatureUpdater class
Refactored Apache class
Refactored PhpFpm class
Refactored DatabaseAutoLogin class
Refactored TlsProtocols class
Refactored SelfStoringObject class
Refactored how the current language is determined
Refactored the way, how a 'quota freeze' event is performed
Refactored many minor helper functions
Various other code improvements

22.2 07 September 2022

New Features / Added Content

Added support for Ubuntu 22
Added Whois IP tool
Added options to define global web server directives
Added Dutch translation - Thanks to Bas Heijermans

Improvements / Changes

Added option to define path exceptions for directories secured by 'Directory Protection'
Added summary for processes by IP in 'Apache Server Status'
Added 'Email Catchall' client permission, which can now be set via 'User Administration' or 'Account Templates'
Added the 'Whois IP' feature to the 'Active Sessions', 'Event Protocols', 'Fail2Ban Management' and 'Apache Server Status' pages
Improved usability when enabling maintenance mode - excluded IP addresses are now saved regardless of whether maintenance mode is enabled, etc.
Improved behavior and visual presentation on the 'Traffic' client page on smaller screens
Improved the 'Login as this user' feature as it now preserves the administrator's language settings regardless of what language the client is using
Improved line break behavior for long words in pop-ups
Improved settings of the virus scanner for systems with less than 4 GB of RAM
Various improvements when KeyHelp is running in demo mode
Updated ionCube loaders to version 11.0.1 (12.0.1 for Ubuntu 22)
Updated and unified various elements of the user interface
Finalized renaming all references from 'User' to 'Client' therefor to ensure more accurate naming and descriptions

API Changes

Added that one can now set the permission 'email_catchall' via the /hosting-plans/ API endpoint
Added that one can now set path exceptions via the /directory-protections/ API endpoint
Bump API version to 2.4

Tool Updates

Roundcube 1.6.0 (not for Ubuntu 18)
RainLoop 1.17.0

Vendor Library Updates

TinyMCE 6.1.1 (including modern design)
Monolog 2.8.0
Font Awesome 6.2.0
Chart.js 3.9.1
Twig 3.4.2
CodeMirror 5.65.8
PHPMailer 6.6.4
phpseclib 2.0.38
jQuery 3.6.1
symfony/yaml 5.4.12

Translations

Added Dutch translation - Thanks to Bas Heijermans
Updated Brazilian Portuguese (100%) - Thanks to Rogério Borba
Updated Chinese (traditional) (100%) - Thanks to Wu Ru Kang
Updated English (100%)
Updated French (100%) - Thanks to Chris Mehl
Updated German (100%)
Updated Italian (100%) - Thanks to Alessandro Daniele
Updated Norwegian (100%) - Thanks to Eirik Sikveland
Updated Polish (100%) - Thanks to Grafidea
Updated Swedish (100%) - Thanks to Marwin Gripenfrost
Updated Turkish (100%) - Thanks to Serkan Türkkan
Fixed several typos in the base language
Improved many texts in the base language to be more precise and improve readability
Unified several texts to keep the amount of texts to be translated as small as possible
Removed all fuzzy and obsolete marked texts from .po files of all languages

Fixes / Imperfections

Fixed an issue that prevented client accounts from being created if the 'System Domain Scheme' settings contained special characters (umlauts, etc.)
Fixed that textarea content could appear truncated if it was rendered as a hidden element on page load
Fixed that an oversized domain target on the 'Domains' overview page could cause display issues
Fixed that the collapse/enlarge state of the navigation element 'System Status' was not restored after page refresh
Fixed that the permission 'Can change contact data' was not displayed on the 'Account Templates' overview page
Removed unintentionally included JavaScript file on 'Bulk Operations' page
Fixed 'Backup Troubleshooting' page not displaying page title and breadcrumbs
Fixed that when /etc/default/locale was set to something unexpected, the 'keyhelp-toolbox' could not fall back to the default language and refused to launch
Fixed that validations on the 'Directory protection' page were performed twice
Fixed issues with activating a KeyHelp Pro license on KeyHelp systems installed between August 15 and August 22
Fixed that the 'Details' line in email notifications about Let's Encrypt issues was not compatible with the latest responses from the Let's Encrypt CA
Fixed various PHP notices

Miscellaneous

Added new pop-up type for the KeyHelp user interface
Ensured full compatibility with PHP 8.1 and additionally fixed numerous 'deprecated notices' etc. throughout the codebase
Refactored QR code generating class to be compatible with PHP 8.1
Refactored IPAddress class and added new features
Refactored Cloudflare IP Update class
Refactored Server class
Refactored the master cron job and moved some of its tasks to other files
Refactored the structure and creation of the vhost configuration
Implemented minor refactorings in various places
Made the card element in the user interface more flexible
Renamed all references like 'dir_protection' to 'directory_protection'
Renamed the Let's Encrypt environment and all references from 'Live' to 'Production'
Cleaned up all Twig template files
Ensured that KeyHelp's own temporary folder is always owned by the user keyhelp:keyhelp
Ensured that the home directory of a client account always receives mode 0755 on creation
Removed unnecessary HTML elements in the email message body when using the 'Email All Users' feature
Used additional macros to unify repetitive tasks within template files of the user interface

22.1.1 18 July 2022

22.1 13 July 2022

New Features / Added Content

Added new CLI tool 'keyhelp' to complement 'keyhelp-toolbox'

Improvements / Changes

Web server

Added option to change the Apache's Multi-Processing-Modul (MPM)
Default for new KeyHelp installations is now 'mpm_event' -> Improved performance
Improved parsing of the 'Apache Server Status' page to be compatible with any MPM module

Backup

On 'Backup' page, each 'Integrity check / Update statistics' from now on shows the increase/decrease of the repository size according to the previous run
Added a troubleshooting page where you can unlock a locked repository and remove pending operations

SSL/TLS certificates

Added option to specify alternative domain names (SAN) when creating a CSR
Shows secured domains by a certificate on the 'SSL/TLS Certificates' pages
Certificate components on the 'SSL/TLS Certificates' pages are now arranged more logically
Self-signed certificates are now signed using the sha256WithRSAEncryption signature algorithm

Email

Added option to define a custom logo, login logo and favicon for the Roundcube webmailer
Added option to enable spam and virus protection also for catch-all accounts
The Roundcube plugin 'markasspam' is now enabled by default (will only be updated if the content of the plugin input field has not already been altered)
Default mailbox folders have now been defined in the Dovecot configuration files, which should prevent mail clients from using their own folder names and so preventing the auto-learn/auto-expunge features from working correctly

CLI tools

Enhancement of the information displayed with 'keyhelp-toolbox -> System Information'
KeyHelp's CLI tools now get their required executable bit set during the control panel update routine -> This results in the tools being available immediately after a control panel update (the executable bit is also checked every 24 hours)

User interface

Added password reveal button also for password confirmation fields
Icons used as true/false indicators in the user interface could be misinterpreted as checkboxes/radio buttons -> revised all occurrences and introduced new indicators
Added QR code on the 'Connection data' pop-up on the 'Email Addresses' page to make it easier to set up email clients for Apple mobile devices
Improved EOL notification for operating systems with extended support period (Debian)
Improved whitespace wrapping behavior for the 'Username' column on the 'User Administration -> Administrator Accounts' page
Improved whitespace wrapping behavior for the 'Owner' and 'Domain target' column on the 'Domains' page
The notes icon for user accounts has been moved to the 'Owner' column, where it makes more sense than in the 'Domain' column
Updated the default rendering of text areas
Improved automatic resizing of text areas, which now also detects line breaks caused by very long input strings
Improved 'Admin Dashboard' UI; separation of the 'Server' box into 'Server Information' and 'Server Utilization'; updated information order based on relevance
Improved representation of diagrams throughout the KeyHelp user interface
Updated spacing between icons when used in combination with text
Improved wrapping of column contents on the 'SSL/TLS certificates' pages
Improved the content of various help texts to make them more useful and helpful

Added inodes statistics (total/used/free/share) to the 'Disk Overview' page
Increased memory_limit, max_execution_time and upload_file_size limits for KeyHelp's own PHP-FPM configuration, resulting in larger files can be uploaded via the file manager or larger databases can be imported via phpMyAdmin by default (this does not affect existing custom configurations)
Updated Cloudflare IP ranges to improve detection of the real user IP when Cloudflare is being used
Updated favicon settings for better compatibility with modern device features
Added event log message when Amavis configuration is updated by KeyHelp
The function for determining the footer icon has been revised so that it can now select from a number of specific icons within a given time frame, not just a single one
Increased the minimum disk space required to install an application using the one-click installer to ensure a smooth installation process
Demo mode | Various account settings of the default demo accounts can no longer be changed to prevent trolling
All third-party tools downloaded during installation/update routines are now hosted on our own servers to ensure a smooth installation experience
Files with mime type 'application/json' but without .js extension can now be viewed with the file manager editor (e.g. *.js.map)
Updated FollowSymLinks directives to SymLinksIfOwnerMatch in existing .htaccess files below /home/users/ for cases not covered by the latest 22.0.1 update (case-insensitive)
Added a 'Customize view' option to 'User Administration -> User accounts' to show/hide columns displaying used disk space by web, database and email
The number of requests for HTTP, FTP, SMTP and POP3/Imap is now also recorded as part of the traffic statistics
Updated the `Client Area -> Statistics' page; improved the user interface and now also shows how much traffic was generated in the current month, separated by the protocol used
When performing a non-interactive installation and using the --admin-username parameter, the validation did not use the regular validation method for control user accounts and therefore may not allow usernames that would otherwise be ok when creating a control user via the user interface
Added option to change calculation base and prefixes for byte values via 'Configuration -> Units & Formats' as desired
On edit pages, byte values can now be entered in smaller units (e.g. byte, kilobyte)
Byte prefixes are now displayed as binary prefix instead of decimal prefix on new installations
Improved the maximum file size note on file manager to work with either byte calculation base 1000 or 1024
The 'Maximum file size' hint in the file manager has been improved to work with either 1000 or 1024 byte calculation base

API Changes

Added API endpoint [GET] /clients/<ID>/traffic to query for traffic statistics
When querying certificates via the /certificates/ endpoint, a list of domain names secured by the certificate is now returned as part of the response
If a control panel update is in progress, API requests are denied (Response: 503 - Control panel update in progress - try again later.)
Bump API version to 2.3

Tool Updates

Roundcube 1.5.3 (Only Debian 10 / 11, Ubuntu 20)
PhpMyAdmin 5.2.0

Vendor Library Updates

Restic 1.13.1
Rclone 1.58.1
Font Awesome 6.1.1
PHPMailer 6.6.3
phpseclib 2.0.37
CodeMirror 5.65.6
Chart.js 3.8.0
Monolog 2.7.0
Moment.js 2.29.4
Bulma 0.9.4
Twig 3.4.1
TwoFactorAuth 1.8.2
symfony/yaml 5.4.10
symfony/polyfill-ctype 1.26.0

Translations

Updated Arabic (100%) | Thanks to Mohammed Al Shamlan
Updated Brazilian Portuguese (100%) | Thanks to Rogério Borba
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated Chinese (traditional) (100%) | Thanks to Wu Ru Kang
Updated English (100%)
Updated French (100%) | Thanks to Chris Mehl
Updated German (100%)
Updated Indonesian (100%) | Thanks to A. Doole
Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Norwegian (100%) | Thanks to Eirik Sikveland
Updated Polish (99%) | Thanks to Grafidea
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Swedish (100%) | Thanks to Marwin Gripenfrost
Updated Turkish (100%) | Thanks to Serkan Türkkan
Fixed several typos in the base language
Fixed incorrect plural format setting for various languages
Fixed that base language accidentally contained translations, which caused translation coverage calculations to be slightly off
Removed unused texts from the base language

Fixes / Imperfections

Fixed usernames on the 'Active Sessions -> System User Sessions' page being truncated after 8 characters
Fixed incorrect behavior of Firefox browser on 'Files and Directories' text areas on 'Backup' pages
Fixed KeyHelp Pro license checks were performed twice
Fixed that one could not use an email address / rname with a '+' sign for the 'Email address of responsible person (RNAME)' field
Fixed that sorting by contact name did not work on 'User Administration -> User Accounts' page
Fixed that the feature 'Anonymize IP addresses' on the page 'Event Logs' did not work
Fixed that when installing on IPv6-only machines, the 'Configuration -> Email Server -> Postfix: Accepted protocols' field was not correctly set to 'all'
Fixed an issue with displaying active jails on the 'Fail2Ban Management' page
Fixed a validation error for CAA resource record in DNS editor and /dns/ API endpoint
Fixed an incorrect error message when using the /login/ API endpoint in case the SSO login token could not be saved correctly
Fixed an issue when a certificate's organizational unit data on the 'SSL/TLS Certificates' page contained an array instead of a string
Fixed an error that occurred when a database belonging to root was restored and the database did not exist within the database server
Fixed an issue with self-signed certificates when accessing a page with a macOS >= 10.15 system - the browser security message could not be bypassed because the 'extendedKeyUsage' parameter was missing from the certificate
Fixed the clock on the 'Admin Dashboard' to now display the time format according to the selected language
Fixed that when performing an OS upgrade from Debian 10 to Debian 11, the secure chroot environment updater could cause error messages during the OS upgrade as it was unable to update outdated symbolic links
Fixed a problem where if a user with a domain with SNI enabled was automatically deleted via the automation feature and later had its certificates removed due to auto cleanup, the SNI configuration was not updated, resulting in Dovecot not being able to restart when shut down
Fixed that byte values could show the wrong decimal separator for the selected language
Fixed that if virus scanning was disabled server-wide (email settings) and a user had previously enabled virus scanning for the email account, the corresponding checkbox was disabled but still showed a check mark
Debian 11 | Fixed that an interrupted file transfer could not be resumed due to missing configuration options in /etc/proftpd/proftpd.conf

Miscellaneous

Removed Debian 9 from the list of supported systems

Prevents installation on Debian 9 systems
Removed deprecated Debian 9-specific code
Removed workarounds and code maintained for compatibility with PHP 5.6 / PHP 7.0
Utilized various features of newer PHP versions that could not be used until now

Removed a workaround for Safari browsers as an issue with table headers was fixed with the Bulma update
Removed code that only served to ensure a smooth update process from KeyHelp 21.3 to 22.0
Refactored load average gathering and calculations
Refactored maintenance job 'Update statistics'
Refactored internal structure of maintenance job 'Update'
Refactored maintenance job 'Control Panel Update'; reduction of complexity
Refactored FTP/Dovecot/Postfix/ApacheLogAnalyser classes
Refactored the Internationalization class and enhanced features
Refactored the CLIMenu class
Refactored the CLI class and enhanced features
Refactored Bytes class used for displaying and calculating byte values
Replaced the two links to admin and client documentation in admin area with a single link
Improved internal functions of the one-click installer
Improved the way amavis configuration files are written
Improved SQL queries for Dovecot
Improved JavaScript code, removal of duplicates, etc.
Renamed all internal references from 'user' to 'client'
Renamed all files named 'user_*' to 'client_*'
Ensured correct color codes for SVG footer icons
Ensured that symlinks within /home/keyhelp/www/ are always owned by the user 'keyhelp' instead of 'root' when switching between webmail or database administration tools
Updated naming of the firewall default rules
Updated all database fields that previously stored kilobyte values to now store byte values
Updated default settings for text areas
Updated Easter eggs
Streamlined service names for 'Server Service Management'
Unified the installation routines of the email protection for Debian 11 with those of the other supported operating systems
Added note for abandoned translations under 'Configuration -> Languages'
Added various polyfill functions to be able to use newer PHP functions on older operating systems

22.0.1 03 June 2022

22.0 24 March 2022

New Features / Added Content

Added SNI support for MTA (Postfix) and MDA (Dovecot)
Added 'Bulk Operations' feature to provide a way to perform bulk operations within the KeyHelp UI (Currently available: Update PHP interpreter settings; Rewrite configuration files)
Added feature to call the phpinfo() within the KeyHelp UI according to the user's PHP settings
Added email HTML design template feature to white label the HTML code and signature of KeyHelp notifications
Added new options for handling unavailable / disabled domains
Added Norwegian translation | Thanks to Eirik Sikveland

Improvements / Changes

Massive speed improvements for all KeyHelp components, resulting in page load times 2.5 to 3.5 times faster than before, AJAX and CLI operations also benefit
Encouraging the use of the more secure SSL/TLS over STARTTLS in email autoconfiguration and texts
Added message of the day for Debian systems
Added notes for using 'rclone config' for custom repository storage configuration
Added notes on how to call additional PHP interpreters via CLI
Added software version number for the following services on admin dashboard: Restic, Rclone
Enabled the view option 'Show subdomains' by default for the domain page in the admin area
Updated the default PHP memory_limit to 128 MB
Updated the configurations structure for Dovecot within /etc/dovecot/
Improved error messages in case issues occurred during backup restore
Reviewed all icons and updated those that are no longer suitable or could cause irritation
Enabled HSTS for KeyHelp panel URL
Added notes about max_message_size in email settings and warn about possible misconfigurations
Added new 'Email Design Template' feature to 'Import/Export Settings' feature
Updated the Restic download URL to enable smooth installation on IPv6 servers
Removed the dropdown menu for the domain forwarding destination address
Enabled port 465 to be used for email configuration
Various improvements and enhancements to the display of information in the connection data pop-up
KeyHelp client usernames like 'yes', 'true', 'no', 'null', ... are not allowed to be used from now on, because they are interpreted as boolean values by PHP-FPM and cause PHP-FPM to stop
Added configuration examples for custom repository storage configuration
Updated the position within the navigation of the 'Server Service Management' item
Added a preview function to 'Domain Default Page' configuration
Email test feature (on 'Email Notifications' and 'Email All Users' pages) can now be sent to multiple email addresses at once
Email notifications sent by KeyHelp now appear in visually appealing design by default
Added version information for the installed software (as seen on the 'Admin Dashboard') to the 'Show info' part of the 'keyhelp-toolbox'
Updated the usability of the 'Subdomain Catch-All' feature, it should now be easier to find and to understand
Updated MariaDB configuration value 'table_definition_cache' in tuning.cnf to 8196 on systems with more than 2 GB RAM
Changed the behavior that deactivated client accounts did not receive emails from KeyHelp notification systems; they now receive notifications
Added improvements to the One-Click Installer, which can now also install applications with a special folder structures (more applications will be released soon)
Added the repository name to the subject line of the 'A backup operation has finished' notification
Improved user interface on the 'Domain Default Page'
Added various improvements to the KeyHelp pre-installation script
Reworked KeyHelps internal cron tasks system, implemented various improvements and increased debug capabilities of KeyHelps background tasks
Improved the KeyHelp installation system capabilities, so that duplicate code could be removed, etc.
Improved hints on 'Hostname' configuration page
Improved error messages when trying to use an outdated/deactivated/already used KeyHelp Pro license, with reference to the appropriate support channel
Implemented new system where placeholders are replaced even if they are incorrectly formatted; this also applies to custom email texts
Improved detection routines for CPU and CPU properties

API Changes

The /server endpoint now returns the version number of 'bind', 'amavis', 'spamassasin', 'clamav', 'openssl', 'curl', 'rclone' and 'restic' within its 'components' field

Tool Updates

Roundcube 1.5.2 (Only Debian 10, Debian 11, Ubuntu 20)
Roundcube 1.4.13 (Only Debian 9, Ubuntu 18)
PhpMyAdmin 5.1.3 (Only Ubuntu 18.04 / Ubuntu 20.04 / Debian 10 / Debian 11)
PhpMyAdmin 4.9.10 (Only Debian 9)

Vendor Library Updates

Rclone 1.58.0
Font Awesome 6.1.0
PHPMailer 6.6.0
phpseclib 2.0.36
CodeMirror 5.65.2
Chart.js 3.7.1
TinyMCE 5.10.2
Monolog 1.27.0

Translations

Added Norwegian translation | Thanks to Eirik Sikveland
Updated Arabic (100%) | Thanks to Mohammed Al Shamlan
Updated Brazilian Portuguese (100%) | Thanks to Rogério Borba
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated French (100%) | Thanks to Chris Mehl
Updated Indonesian (100%) | Thanks to A. Doole
Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Polish (100%) | Thanks to Grafidea
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Swedish (100%) | Thanks to Marwin Gripenfrost
Updated Turkish (100%) | Thanks to Serkan Türkkan
Updated German (100%) / English (100%)
Added missing Polish translation to the WYSIWYG editor on 'Email All Users'
Fixed various spelling mistakes in English base language
Fixed various issues in email notifications with placeholders in several community translations due to incorrect formatting of placeholders so that they could not be replaced correctly

Fixes / Imperfections

Fixed a MariaDB/MySQL error when terminating an active control panel session on the 'Active Sessions' page
Fixed an issue with Safari browser when using textarea placeholders with line breaks
Fixed an issue where the CPU model could not be correctly determined on special system architecture
Fixed an issue where an IPv6 address could not be used as the value for the host for a remote backup repository (error message: 'too many colons in address')
Fixed an issue where an existing repository storage configuration could not be switched to a different storage type in certain cases
Fixed an issue where the path part of a URL was accidentally appended to the domain when accessing a non-existent domain -> causing the KeyHelp login area to be displayed
Fixed an issue when changing the web server ports, the new port was not appended to the web mail / phpMyAdmin URLs in the navigation and the panel URL in email notifications
Fixed an issue with custom backup storage type configurations when using multiple '=' characters in one configuration line
Fixed an issue that occurred when two users tried to acquire a Let's Encrypt certificate and the first was successful, but the second was not, then the first user's web server configuration file was not updated
Fixed an issue converting lowercase special characters to uppercase (e.g. French: 'SUCCèS' instead of 'SUCCÈS')
Fixed incorrect escaping of character '_' when using GRANT MariaDB/MySQL command
API | Fixed CNAME validation in /dns endpoint
API | Fixed an issue in /domains endpoint when trying to set the field 'id_certificate' to > 0 and having the field 'lets_encrypt' with 'false' also in the request -> resulting that no certificate being assigned

Miscellaneous

Removed unused files from KeyHelp installation directory
Refactored EmailAccounts class
Removed the last 386-arch conditions as this architecture is no longer supported
Improved capabilities of the User class
Refactored and cleaned up triggering of scheduled operations within KeyHelp background operations
Revised functions for generating HTML code
Updated http:// to https:// where possible (e.g. ClamAV additional signature URLs, ...)
Added dummy license.txt to the installation package of KeyHelp, which should help in debugging certain cases
Refactored code used when a client gets disabled
Various code cleanups

21.3 14 December 2021

New Features / Added Content

Added Fail2ban management
Added system for maintaining black/white lists of email senders in terms of spam tagging
Added Polish translation | Thanks to Grafidea

Improvements / Changes

New backup system

Added support for custom remote backup storage configurations that support any of the remote storage technologies supplied by Rclone, as well as additional configuration parameters
Added option to disable the old backup management (this setting is enabled by default on new installations)
Added option to back up and restore databases not assigned to any user / not created by KeyHelp
Added additional explanatory text when restoring files and directories to an alternate path
Added option to prohibit setting up local repositories for user accounts
The 'Prune' backup operation is now automatically triggered when the 'Save' button is clicked on the repository settings page and the maximum snapshot count was set lower than the current snapshot count
Storage type Dropbox | Administrators can configure a custom Dropbox app to white-label the Dropbox authentication screen
Storage type Dropbox | KeyHelp is now an officially approved Dropbox app, so the warning on the Dropbox authentication screen has disappeared
Storage type FTP | Implemented a new setting to handle concurrent FTP connections
Storage type FTP | The 'Do not verify the TLS certificate of the server' option has moved to 'Advanced settings'

Security

Updated to more secure salt generation when generating passwords
Updated to more secure password algorithm for directory protections and web statistics, now using bcrypt instead of Apache's default apr1
Updated to more secure password algorithm for email passwords, now using bcrypt for Dovecot >= 2.3; increased cost/rounds for Dovecot < 2.3 systems
Updated to 'Permission-Policy' header replacing the old 'Feature-Policy' header
Updated the change password plugins in both RainLoop and Roundcube webmailers to generate more secure passwords when changing the password via web mailer

Session management

Session management has been completely rewritten
Added option to disable the 'Lock session to IP address' feature (so KeyHelp is usable again for people with variable IPs)
Removed Session information from URL, so it is now safe to share a URL and having 'Lock session to IP address' turned off
Massively improved session ID entropy and length (not for Debian 9)
Updated 'Login as client' feature to match the implemented session system changes - added a button to switch back to the admin session within client area
Unauthorized access to pages or calling nonexistent pages is redirected to the currently active dashboard instead of the login page
Active session page now displays sessions that have been started but where the user is not yet fully logged in (2FA)
Active session page now also shows which admin account is logged in as a specific client

Admin dashboard

Display server virtualization method
Added software version number for the following services: Bind, SpamAssassin, Amavis, ClamAV, Curl
Added system for slow response times when querying for version numbers

Apple email auto-config

Better profile import user experience on macOS using the normal and universal configuration profiles
Better profile import user experience on iOS/iPadOS devices when using the universal configurator
Updated wording of configurator fields to make their purpose clearer

Email server settings

Settings reorganized to categorize them according to their purpose
Added option to change the Postfix 'inet_protocols' (= accepted protocols) setting
Improved description texts and user interface on the settings page

Added option to select a default PHP version which will then be used for all new domains
Added 'Apply' button for file manager edit screen to allow easier file manipulation, also bind [CTRL]+[S] keyboard shortcut to this button
Added button to easily enable/disable port monitoring on admin dashboard
Added 'After server reboot' (@reboot) to the 'Schedule' drop-down on scheduled tasks page
Added monitoring for Amavis where in case of stuck Amavis ('Connection refused') it is restarted - check is performed every 12 hours
Added '/pma' as alias URL for phpMyAdmin
Added search function on email accounts page
One can now expand and collapse the email account boxes on the email accounts page
One can now insert a '/0' net mask (= any IP address) in fields where a net mask is allowed
IonCube loader updated to version 11.0
Prevent browsers from autofilling 2FA code fields on login and profile page
Speed up various Ajax requests by removing duplicate loading of resources
General performance improvement of KeyHelp user interface by removing unnecessary output buffering (thanks to new session management)
Improved load balancing for maintenance intervals when querying KeyHelp servers (repo-update/panel-update)
One can now add multiple 'Prohibited Domains' at once
Updated the server virtualization reading method to enable more features
Dark mode | Color adjustments for modal pop-ups
Dark mode | Color adjustments for collapsing main navigation and background colors

API Changes

The API now handles domain creation as it is handled in the user interface (by default): When a subdomain is created, the PHP interpreter version of the main domain is used as default (unless specified otherwise), instead of the default OS version - it also respects the new default PHP version feature
One can now set up custom HTTP and HTTPS directives via the '/domains' endpoint

Tool Updates

Roundcube 1.5.1 (Only Debian 10, Debian 11, Ubuntu 20)
Roundcube 1.4.12 (Only Debian 9, Ubuntu 18)
Updated Roundcube's config structure

Vendor Library Updates

Rclone 1.56.2
Tippy.js 6.3.7
Popper 2.10.2
CodeMirror 5.64.0
TwoFactorAuth 1.8.1
Chart.js 3.6.2
Perfect-Scrollbar 1.5.3
phpseclib 2.0.35
PHPMailer 6.5.3

Translations

Added Polish translation | Thanks to Grafidea
Updated Arabic (100%) | Thanks to Mohammed Al Shamlan
Updated Brazilian Portuguese (100%) | Thanks to Rogério Borba
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated Chinese (traditional) | Thanks to Wu Ru Kang
Updated French (100%) | Thanks to Chris Mehl
Updated Indonesian (100%) | Thanks to A. Doole
Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Swedish (100%) | Thanks to Marwin Gripenfrost
Updated Turkish (100%) | Thanks to Serkan Türkkan
Updated German (100%) / English (100%)

Fixes / Imperfections

Fixed that the Let's Encrypt staging environment could not receive certificates ('Method not allowed')
Fixed that TMPFS was accidentally enabled when running the repo-update maintenance job, even though it was marked as disabled in the KeyHelp UI
Fixed that a RainLoop configuration file that contained a password was not set to permission mode 0600 during installation
Fixed reading the correct amount of system RAM during installation if certain conditions were met -> caused KeyHelp to make wrong decisions during installation (ClamAV was set to disabled)
Fixed CNAME validation blocking valid names on DNS editor page
Fixed possible SQL injection in RainLoop webmailer
Fixed that not all port monitoring records on 'Service/Port Monitoring on Dashboard' could be deleted due to a bug in the JSON validation checks
Fixed that an error message is displayed instead of a 500 error if the storage configuration of the repository could not be decrypted
Fixed that backup repositories whose storage configuration could not be decrypted could not be deleted
Fixed that it was possible for client accounts to access email account pages without having the appropriate permissions
Fixed that after a hostname renaming operation, Amavis still reports the old host name in the mail header
Fixed that in case of an error creating the SSH key pair (new/old backup system) it was not displayed
Ubuntu 20, Debian 11 | Fixed a PHP notice when using the API endpoint '/directory-protections'
Ubuntu 18/20| Fixed error when installing 'Backup tools' and man-db was not installed on the server
Debian 11 | Fixed that spam tagging of emails with ***SPAM*** did not work due to insufficient file permissions of Amavis
Ubuntu 20, Debian 10/11 | When logrotate is running, /etc/ is mounted read-only, which resulted in AWStats configuration files needed to generate statistics not being written to /etc/awstats, which resulted in the KeyHelp's php-error.log being filled with warning messages

Miscellaneous

Updated order of elements in main navigation
Removed accidentally placed CSS folder in KeyHelp directory
Improved cURL class with new features
Button animation now works with all types of buttons, not just 'is-link'
Refactored AjaxRequest class
Hid little Easter egg
Updated menu item labels / headlines on configuration pages
Rearranged various buttons to be in a more logical order
Updated SSH support key 'from' parameter
Removed Hungarian translation by B. Doka for KeyHelp Build number < 2306
Ensured correct file ownership of /etc/fail2an/jail.d/keyhelp.local for upcoming features
Moved various event messages from the event translation file to the scoped translation file
Updated password hashing and verification methods
Renamed various labels to be easier to understand

21.2 14 September 2021

New Features / Added Content

Added support for Debian 11
Added API endpoint for admin account management
Added import/export feature of control panel settings (API, hosting packages, email notification and white label settings)
Added management for separate additional HTTP and HTTPS Apache directives
Added Traditional Chinese translation | Thanks to Wu Ru Kang
~~Added Hungarian translation | Thanks to Balint Doka~~ Removed in Build 2306

Improvements / Changes

New backup system

Improved stability to the process management class which performs backup operations to address deadlocks in PHP that caused operations to hang indefinitely
During the installation process it is now ensured that all prerequisites for the installation of the backup system (bzip2) are installed on the server to avoid installation errors during 'Backup' step
Show statistics for each snapshot (on the restore page)
Added new 'Preparation' state to a backup job that shows progress information during the preparation phase of a backup run
Added additional information to the email notification about a completed backup: Destination repository, username, backup type
Added the mentioned placeholders to the 'A backup operation has finished' email notification
When an automated backup job is triggered, this is now logged in the event logs
When performing a full backup as an admin, the tmp/ folders of the user accounts (/home/users/*/tmp/) are now excluded to prevent issues with volatile data in these directories
When performing a full backup as a user, the tmp/ folder is now excluded to avoid issues with volatile data in this directory
When performing a full backup as a user, the files/backup/ folder (the default location for local backup repositories) is now excluded to prevent the backup from getting larger with each snapshot
Made it clearer what kind of path (absolute/relative) is expected when restoring to an alternate path in the admin and user areas
Added the directory explorer to the input field for restoring to an alternate path in the user area
Improved wording in various areas of the new backup system
Enhanced the debugging features of the new backup system
Adding a summary line after a backup process completes (when the backup process is run manually)
Increased the number of most recently logged errors to 15
The repository list on the backup restore page is now sorted by name

Improved directory structure of user home directories

Removed the obsolete cgi-bin/ folder
Created new default .local/, .cache/, .config/ and .bash_history file to minimize problems when being logged in via SSH and not using the 'Restricted SSH environment'
Improved file privileges to be more secure

Added a note under 'Configuration' -> 'Backup' to indicate which backup system the settings apply to
Added information about the total consumed disk space of email accounts on the email accounts page (consumption per account and total consumption)
Added information about the total consumed disk space by databases on the database page
Improved CNAME validation in DNS editor
Improved 'Is a reboot required' checks, which should now be more accurate across all supported operating systems
Improved descriptions when creating a domain to make it easier to choose the right hosting type
Added loading animation to buttons on the email notification page
The license management configuration page is now only accessible for main administrators
When contacting the KeyHelp Pro license server, a more secure communication is used
Dark mode | Implemented improvements to the scroll bar of the main navigation, which now fits better into the design of the dark mode
Dark mode | Color adjustments for success, warning and error colors and event messages to improve readability and appearance
Alternate SMTP | Improved debug output when configuring an alternate SMTP server for email notifications
Alternate SMTP | Added timeout when setting up an alternate (incorrect) SMTP server

API Changes

Added API endpoint for managing admin accounts
Prevent passing max_size values of less than 1 MB for the 'emails' endpoint

Tool Updates

Roundcube 1.5-rc, including dark mode (Only Debian 10, Debian 11, Ubuntu 20)

Vendor Library Updates

TinyMCE 5.8.2
Chart.js 3.5.1
Rclone 1.56
Restic 0.12.1
Font Awesome 5.15.4
CodeMirror 5.62.3
PHPMailer 6.5.1
phpseclib 2.0.33
Perfect-Scrollbar 1.5.2
Handlebars 4.7.7

Translations

Added Traditional Chinese translation | Thanks to Wu Ru Kang
~~Added Hungarian translation | Thanks to Balint Doka~~ Removed in Build 2306
Updated Arabic (100%) | Thanks to Mohammed Al Shamlan
Updated Brazilian Portuguese (100%) | Thanks to Rogério Borba
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated Indonesian (100%) | Thanks to A. Doole
Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Swedish (100%) | Thanks to Marwin Gripenfrost
Updated Turkish (100%) | Thanks to Serkan Türkkan
Updated German (100%) / English (100%)
Removed Czech and Bosnian translations due to inactivity

Fixes / Imperfections

New backup system

Fixed that after performing a backup (as admin), a notification email was not sent if the keyadmin no longer existed
Fixed a PHP deadlock that could occur during the 'Prune repository' operation causing the operation to hang infinitely
Fixed a PHP deadlock that could occur during the 'Restore backup' operation causing the operation to hang infinitely
Fixed calculation for saved storage space of backup repositories - This only works for snapshots created from KeyHelp 21.2 onwards, as in 21.1 snapshots were saved without size information. Since snapshots are automatically deleted over time, this will be automatically corrected after a few days (depending on the maximum snapshot settings)
Fixed an issue where user accounts could define an alternate restore location for directories they did not have write access to (the restore process was subsequently aborted)
Fixed a problem where an rclone command printed text where it should be silent

Fixed an issue with the PHP interpreter update job that caused it to run infinitely on a small number of servers
Fixed an issue where it was possible to enter an invalid mailbox size for email accounts via the user interface
Fixed an issue where the web server could not be reloaded due to incorrect syntax when a domain redirect was created and the destination URL contained a space
Fixed a startup error when calling the 'keyhelp-toolbox' and /etc/default/locale was set to something unexpected
Fixed support user being incorrectly included in language usage calculations
Fixed wrong message 'failed to send mail' in log of old backup system
Fixed wrong texts in the installation interface

Miscellaneous

Removed obsolete Ubuntu 16 code
Removed fastcgi configurations as they are no longer needed
Cleaned up web server installation routines
Removed obsolete settings from `settings` database table
Refactored command class for calling system commands
Refactored database class -> now uses an improved interface
Refactored scheduled tasks class -> now uses an improved interface
Revised domain delete process
Removed obsolete files from installation templates
Removed obsolete functions
Moved default PHP settings from `settings` table to `php_settings` table
Revised all white label related field / table names in database
Renamed database table `template_account` to `account_templates`
Removed import/export feature from the white label configuration page in favor of the new 'Import/Export Settings' feature
When using Russian language, the navigation item 'Support Forum' now always leads to https://community.keyhelp.de instead of a forum selection page
Fixed wording about old backup system to make it clearer what purpose is still serves

21.1 12 July 2021

New Features / Added Content

Added a new backup system

Create incremental backups
Set up any amount of backup repositories with storage types such as: Local, FTP(S), SFTP, Dropbox, WebDAV
Set up any amount of scheduled backup jobs
Define which components should be included in the backup
Define which components should be restored
Massive reduced backup creation time
Massive reduced CPU usage
Massive reduced disk space consumption when preparing the data to be backed up

Added a new email notification system

Completely new UI and configuration options
Added all event notifications which were previously not handled by the old system
Added option to define a separate SMTP server for sending KeyHelp notifications over this connection
All configuration settings for notifications are now bundled in one place

Added new file manager features

Added option to download from a URL directly to the client's web space
Added option to create .zip, .tar, .tar.gz archives

Added Indonesian translation | Thanks to A. Doole
Added simplified Chinese translation | Thanks to Lingyu
Active email server sessions can now be monitored within the UI
Added option to update nameserver settings within the UI
Added option to switch between months in AWStats statistics page

Improvements / Changes

Added support for MariaDB 10.4 and 10.5
Restored full support for systems using recent MySQL instead of MariaDB
Added a welcome info box on admin dashboard after installation showing important notes
Disk overview page now also shows temporary file systems
Improved performance when collecting database server information
The PHP configuration field 'session.save_path' is no longer a fixed value within the PHP-FPM configuration - it can now be overridden by ini_set() - (you probably need to trigger a rewrite of the PHP-FPM user configurations files to make this fix work)
Increased default sha512 password encryption rounds to 100,000
Rearranged menu items on configuration page, added more categories
Let's Encrypt local resolving checks can now be disabled
Let's Encrypt error messages are now more readable, important information is highlighted
Improved help texts on the Let's Encrypt settings page
Improved event texts which are emitted in various situations
Improved indication of the keyhelp-toolbox throughout the UI
Updated style and content of message of the day
Database remote access is now supported for IPv6 addresses (using '::' instead of '0.0.0.0' as value for 'bind-address')
If there were syntax errors in bind configuration files, they are now reported in the event logs / cron job logs
Improved bind configuration syntax check in DNS editor UI and DNS editor API endpoint - will now catch a lot more configuration errors than before
Improved appearance of the DKIM pop-up on DNS editor and domains page - both pop-ups are now identical
Improved user experience when accessing the DKIM pop-up on DNS editor page
When setting the PHP value max_execution_time to 0 in the user settings, the timeout is now set to the maximum allowed number 2147483647 (previously 9999)
When domains and subdomains are set to 0 for a client and no domains are assigned to him, the 'Domains', 'Directory protection', 'Web Statistic' pages are now hidden / inaccessible
Performance improvements for all pages in the user area by using a faster approach for the access control system
Colored status icons for resource object tables
Streamlined 'Email All Users' page - fewer input fields are required as the settings now also use the new email notification system
Localized messages in case of errors while sending test emails ('Email All Users' and 'Email Notifications' configuration page)
All settings related to email notifications can now be found on the new configuration page

Removed the 'SSL/TLS certificate notifications / Alternate email address' field from the 'SSL/TLS Certificates' configuration page
Removed the 'Notification on traffic exceedance' field from the 'Notification' configuration page
Removed the 'Send `Email account has been setup successfully` notification' field from the 'Notification' configuration page
Removed the 'Notification' field from the 'Antivirus Scanner' configuration page

Disk usage page improvements

Hugh performance increase
Allows fast navigation between directories
Size and inodes can now be loaded on the fly
Changed sorting to sort-by-name instead of sort-by-size to provide a consistent overview

File manager improvements

When copying or moving files / directories, you can now also specify a non-existent destination directory, all required directories will be created
When uploading files, longer file names are now displayed
Added loading animation to all submit buttons
Added file type indicator for .csv files

API Changes

Added 'login' endpoint to generate login URLs to easily log into a user account by calling a URL
A field 'password_hash' is now part of the endpoints /clients/, /emails/, /ftp-users/, /databases/, /directory_protections/, which can be used to read or set the password via password_hash - the 'password_hash' field inside [GET] requests has to be enabled in API settings
Removed parentheses in case of reported errors in DNS syntax when using the /dns-editor/ endpoint
Documentation update: Added note on DKIM_RECORD_VALUE
Documentation update: Added missing fields 'scheduled_tasks' and 'directory_protections' for /clients/{id}/resources endpoint
Documentation update: Increased readability by using highlighting for all field names
Bump API version to 2.0 (v2 is fully backwards compatible to v1, beside the breaking changes below)
Breaking changes in 2.0: [GET] /certificates/ - Output format changed
Breaking changes in 2.0: [PUT/POST] /certificates/ - Certificate components are now specified within the 'components' field

Tool Updates

PhpMyAdmin 5.1.1 (Only on Ubuntu 18.04 / Ubuntu 20.04 / Debian 10)
RainLoop 1.16.0
Adminer 4.8.1 / Theme: 1.7.1

Vendor Library Updates

Bulma 0.9.3
Font Awesome 5.15.3
CodeMirror 5.62.0
PHPMailer 6.5.0
TinyMCE 5.7.1
Chart.js 3.4.0
psr/log 1.1.4
monolog/monolog 1.26.1
phpseclib 2.0.32

Translations

Added Indonesian translation | Thanks to A. Doole
Added simplified Chinese translation | Thanks to Lingyu
Updated Arabic (100%) | Thanks to Mohammed Al Shamlan
Updated Brazilian Portuguese (100%) | Thanks to Rogério Borba
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated French | Thanks to Sasa Pajic
Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Russian (100%) | Thanks to Stefan Gross
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Swedish (100%) | Thanks to Marwin Gripenfrost
Updated Turkish (100%) | Thanks to Serkan Türkkan
Updated German (100%) / English (100%)
Fixed issues with placeholders of email notification message texts in Italian and Brazilian Portuguese language

Fixes / Imperfections

Fixed double-encoded error messages of Let's Encrypt errors that may occur during 'Maintenance of SSL/TLS certificates' (used for email notifications)
Fixed that when calling a non-existent PHP file, the 'File not found' page was issued by the PHP handler instead of the Apache web server, causing .htaccess not to be interpreted (you probably need to trigger a rewrite of the Apache user configurations files to make this fix work)
Fixed that one no longer can enter values greater than 2147483647 for the PHP value 'max_execution_time', which would otherwise lead to an Apache syntax error when writing the configuration file
Fixed incorrect rate calculation of email accounts on maintenance interval 'Calculate disk space', when there were no email directory found
Fixed that the parser for pending server updates threw an error when there were no server updates present
Fixed an issue of missing table borders when a tooltip pop-up was shown on the last row of a table
Fixed missing 'URL' label when adding / editing scheduled tasks
Fixed a color issues with highlighted table rows in dark mode
Fixed sorting for directories in the directory explorer when there were directories that started with a special character
Fixed invisible error messages when running in debug mode
Fixed that when switching between languages in the 'keyhelp-toolbox', some strings could remain in the previous language
Fixed that IP anonymization in AWStats did not work for the period from the date of the last log rotation (last month) to the first day of the next month
Fixed that rotated backup logs might not be deleted when the user account they belong to was deleted
Fixed an incorrect error message when a required directory could not be created during master cron job execution
Fixed that the application installer logs were not included in the list of files to apply log rotation to
Fixed a PHP notice when calling the API endpoint [POST] /clients/ without specifying the 'username' field
Fixed that in case of configuration problems in the MySQL / MariaDB configuration the version / server type could not be determined correctly, which could lead to errors later on
Fixed double-encoded username on login page when a wrong username was specified
Fixed URL encoding of URL parameters on login page in case of redirection
Gathering information about all mounted disks was made more robust in order to not crash on unexpected file systems, which could cause backups to cancel at 2% progress
Debian 9 | Fixed that reloading PHP-FPM could crash the daemon in certain cases (e.g. when switching between RainLoop - Roundcube or Adminer - phpMyAdmin)
Debian 10, Ubuntu 20 | Fixed invalid AWStats statistics for Saturdays on Debian 10 / Ubuntu 20 systems - the timing for applying the log rotation was changed by OS vendors, this could get in conflict with KeyHelp's AWstats statistics generation

Miscellaneous

Dropped support for Ubuntu 16 systems
Refactored FTP user class -> now uses an improved interface
Refactored directory protection class -> now uses an improved interface
Refactored AWStats statistic generation
Refactored and added new features to paging generator class
Refactored status property handling for all resource objects
Enhanced cURL class with new features
Added new features to Twig form macros
Removed old firewall management and therefore removed the old theme completely
Removed texts that are no longer needed
Improved wording in various places
Cleaned up master cron job file and separate code components to more appropriate locations
Improved jump-to-tabs-with-invalid-form-fields now also works with multiple forms and tabs on one page
Unified appearance of modal pop-ups throughout the UI
Fixed spelling mistakes
Hiding little Easter egg
Updated schedule settings on 'Maintenance of SSL/TLS certificates' maintenance interval (only Keyweb)

21.0 16 March 2021

New Features / Added Content

Added new dark mode user interface (Only KeyHelp Pro)
Added new event logging system, now also logs events of user interactions within the user interface
Added mounted devices overview page
Added support for right-to-left languages
Added possibility to add additional binaries / files / folders for restricted SSH chroot environment (Only KeyHelp Pro)
Added Arabic translation | Thanks to Mohammed Al Shamlan
Added Czech translation (Preview) | Thanks to onlepes
Added option to change Apache log format via user interface
Added option to enforce mailbox size - added a warning notification that is sent to corresponding email accounts when their mailbox is almost full
Added exclude list to virus scanner
Added option to manage custom virus definition signatures to increase detection rate (new installations came with a set of predefined signatures)

Improvements / Changes

Added info page to keyhelp-toolbox
Added auto-resize to DNSBL / DNSWL input fields
Added shortcut to webmailer on email page also when Rainloop is the default webmailer
Added waiting period to regularly running maintenance tasks 'PHP interpreter update' to improve load balance
Added collapsible cards to user dashboard
Added possibility to manage 'ping' rules via new firewall management
Added warning message on user dashboard when a user account has a 'delete on' / 'suspend on' date
Added full-screen option to all CodeMirror enhanced text areas
Added 'weeks' to drop-down on certificate validation period and HSTS validity period
DNSBL / DNSWL settings now supports return code syntax
SSH public keys within user area now also accepts keys with additionally fields (from="...",expiry-time="...",...)
TLS ciphers input field now also accepts @SECLEVEL=X syntax (useful for systems which need to support TLS 1 / TLS 1.1)
Updated hints to enable / disable full-screen to all appropriate text areas
Updated firewall hard-coded ICMP rules
Updated default timings of 'panel-update' maintenance job
Result of a database sizes calculation is now cached which significantly increase performance on relevant pages / operations
Improved loading of firewall rules after a reboot by using a more solid solution
Improved display of available certificate components
Improved chart on user dashboard
Improved names on email template events to be more consistent
Improved disk space calculation to be more accurate
Improved sorting of languages in the user interface to handle languages with special characters correctly
Improved account template page for smaller screen resolutions
Improved login page when KeyHelp is in demo mode, allows one-click login, link to alternative demo server
Improved Rainloop update routine to keep existing data
Implemented a lot of minor design improvements
Unified event messages, removed unnecessary messages
Reworked interface for accessing labels of navigation items and page titles to be more consistent
Implemented naming conventions replaced admin panel / administration panel with control panel
Enhanced new firewall management to be able to support more specific rules with upcoming updates
Enhanced visuals of DNS editor
Removed Postgrey from KeyHelp installation as it was not used by KeyHelp anyway (you can remove it manually from updated KeyHelp instances)

API Changes

Added 'status' field (read-only) to all endpoints whose models have this property
Added 'scheduled task' endpoint that allows to manage scheduled tasks via KeyHelp API
Hugh performance increase for all requests to endpoints, which return information about user databases
ID of a client account in endpoint 'clients' now correctly returns an integer instead of a string

Tool Updates

Roundcube 1.4.11
PhpMyAdmin 5.1.0 (Only on Ubuntu 18.04 / Ubuntu 20.04 / Debian 10)
Rainloop 1.15.0
Adminer 4.8.0
Added responsive and more beautiful theme to Adminer
The Rainloop update routine now keeps all contacts, identities, linked accounts, signatures

Vendor Library Updates

Bulma 0.9.2
Font Awesome 5.15.2
CodeMirror 5.59.4
PHPMailer 6.3.0
TinyMCE 5.6.2
Tippy.js 6.3.1
Popper 2.9.1
Chart.js 3.0.0-beta.13
jQuery 3.6.0
phpseclib 2.0.30
Twofactorauth 1.8.0
Symfony/yaml 3.4.47
Polyfill-ctype 1.19.0

Translations

Added Arabic translation | Thanks to Mohammed Al Shamlan
Added Czech translation (Preview) | Thanks to onlepes
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Brazilian Portuguese (100%) | Thanks to Rogério Borba
Updated Swedish (100%) | Thanks to Marwin Gripenfrost
Updated German / English / Russian (100%)
Navigation labels / page titles are now organized in an own .po/.mo file, ensuring a clean separation, consistent usage and easier translation
Reduced and combined message texts where possible to reduce the number of translation strings
Fixed some punctuation errors in the English base language

Fixes / Imperfections

Fixed issues with file manager and directories with the same name as their parent directory ("test/test/")
Fixed that vital KeyHelp services could be terminated via service management page
Fixed that the new firewall management page was not highlighted as active in navigation, when firewall management selection page was still active
Fixed that user login timestamp was set on 2-factor-auth even when 2-factor-auth was not performed correctly
Fixed a bug that prevented FTP home directories from being deleted even if the corresponding checkbox was checked
Fixed error message on Prohibited Domain Names page on invalid domain name
Fixed double encoded characters on name column on API page
Fixed IP anonymization in access / error log, which could potentially remove a row if no IP was found
Fixed a formatting issue in keyhelp-toolbox on remove 2-factor-auth page
Fixed rollback of firewall rules when using the old firewall management and the anti-lockout feature
Fixed that crontab of admin was also rewritten, even when an admin just created a scheduled task for another user
Fixed a bug where one could not create email templates when using the Brazilian Portuguese language
Fixed ICMP monitoring may occasionally was blocked when using the new firewall management
Fixed a problem with large databases where access to the database overview page could result in a 503 error or take too long to load
When editing a directory protection for a non-existent directory, the directory was not created, even if it was declared otherwise
Fixed an error that could occur during installation regarding a Pyzor command
Fixed the file owner of necessary files for reloading the firewall at boot, which could previously cause the new firewall management not to update these files accordingly
Fixed an error that could occur during installation regarding firewall setup (Only Ubuntu 20) ("Warning: file_put_contents(/etc/network/if-pre-up.d/keyhelp_load_rules): failed to open stream: No such file or directory")
Fixed a PHP notice ("PHP Notice: Trying to access array offset on value of type null in /home/keyhelp/www/keyhelp/core/UI/Session/Session.php on line 180")
Ensured that iptables - which is required to use the KeyHelp firewall - is always installed on the server
Auto-import of SSH keys of existing users when saving the profile page has been removed as it was error-prone, this is now a one-time operation when updating to KeyHelp 21.0

Miscellaneous

Standardization of the CodeMirror initialization process
Removed unnecessary CSS directives
Audit of all database queries implemented improvements where possible
Removed unnecessary database queries
Enhanced debug capabilities of the database client class
Improved database structure and database field updates
Unified usage of spacer lines within default theme
Moved clients contact data to a separate database table
Fixed mistakes in file and class names labels
Cleaned up KeyHelp PHP function files
Renamed maintenance tasks (panelupdate -> panel-update / serverupdates -> package-updates)
Removed some remains of the old default theme
Updated default theme screenshot
Updated URLs to pages below https://www.keyhelp.de to match new website structure
Moved various cleanup / maintenance tasks out of the master cron job into a dedicated file
Optimized various maintenance-related tasks to perform operations only when needed and at more consistent times
Improved user data loading routines
Improved firewall setup routine during installation
Improved various URL query parameter names
Refactoring of existing pages and implementation of minor improvements:

Domain Default Page
Apache Server Status
Active Sessions
Web Server Logs
Email Queue
User Dashboard
Prohibited Domain Names
Server Service Management
FTP Users
Databases

20.3.2 01 February 2021

20.3.1 03 November 2020

New Features / Added Content

Added Swedish translation | Thanks to Marwin Gripenfrost

Improvements / Changes

Switched to a more stable method of protecting against session fixation
Vendor library updates: CodeMirror 5.58.2

Translations

Country list translation was missing for French language

Fixes / Imperfections

Fixed that sessions were not correctly terminated due to timeout when being on the admin dashboard page
Fixed the time frame selection on traffic statistics page
Fixed reasons for message in the error log 'Writing of session data with user defined memory handler failed.'
Fixed the occurrence of duplicate sessions after login
Fixed random session timeout problems under Debian 9 / Ubuntu 16 (which may have occurred on other operating systems as well)
Removed the deep check (check domain for valid MX) for email addresses on the profile page as it potentially prevented from entering a valid email
Fixed that when the checkbox 'Hide KeyHelp news on admin dashboard page' is checked (white label settings) a JavaScript error was caused on the admin dashboard that prevented various features (service/port monitoring, server notification box, pending updates) on the admin dashboard from working
Only specially prepared servers | Fixed placeholder assignment in NRPE configuration

Miscellaneous

Only specially prepared servers | Updated NRPE sudoers configuration to support a wider range of systems

20.3 28 October 2020

New Features / Added Content

New firewall system added / Enabled firewall features for Ubuntu 20/Debian 10
Added a license system to allow the KeyHelp Professional functions to be activated
Added disk space analyzer
Service/Port monitoring added to the admin dashboard (Thanks OlliTheDarkness for this idea)
Added CLI toolbox (keyhelp-toolbox), which bundles several KeyHelp CLI commands and functions

Improvements / Changes

Implemented protection against the attack vector of session fixation
Improved protection against session hijacking attack vector
Updated ionCube loader libraries
The value of the encryption_base field is now hidden in the install.log file
Added AWStats IP anonymization after 24 hours
Various improvements for displaying KeyHelp news on the admin dashboard
Added collapsible cards to the admin dashboard
The 'Email All Users' feature can now be tested in advance before the email is sent to all selected recipients
The email body of the email text 'Email to all users' can now be formatted with a WYSIWYG editor
Added hints to use the 'keyhelp-toolbox' on various configuration pages (as a reminder to help in case of a server lockout)
Unification of all event messages and their highlighting of special words
Improved visual help when using the password form fields to select a valid password
Improved system for better handling of large event messages, resulting in cleaner code, expanded capabilities and layout improvements
When DNS DKIM record values are copied from the UI, the value no longer contains \t or \n characters
Improved time frame selection method for the traffic statistics page
Searching for domains now retains the hierarchical domain structure when displaying the results
Added indicator for domains that are not part of a search string but are displayed due to the hierarchical structure
Added a cookie hint on the login screen when cookies are disabled
The HSTS default value is now displayed in days instead of seconds
Application installer logs are now deleted when a client is deleted
Added cron job for SpamAssassin to activate spam filter training
Display notifications on the user dashboard when a user has reached 90% / 100% disk usage
Added a 'Beta' indicator to the PHP interpreter configuration page for PHP interpreters in beta state
Adding 'Outdated' / 'Beta' indicators to the PHP interpreter selection drop-down menus for corresponding interpreters
The password policy option for the API has been moved to the API configuration page
Added configuration options for changing the system timezone
Added hints on pending updates on the admin dashboard
Various visual improvements on many pages (visual appearance, formatting, margins, ...)
Breadcrumbs now also shows the element you are currently editing (domain, e-mail, FTP, ...)
In the case of corrupt Let's Encrypt certificates, the corrupt files are now retained and logging has been improved to simplify further investigation
Rearranged 'Viewing options' to reduce confusion
Improved logging when expunging trash/junk email from email accounts during cleanup
Reduced cookie count for collapse states of navigation elements
Ensures that all Ajax calls require a valid session with appropriate user privileges
Application installer event texts are now more helpful when application requirements are not met
When a user is deleted, it is now immediately deleted from the database, which solves problems in allocating resources to a user during the deletion process, etc.
When using the 'Trusted sources' (White Label) setting, the 'connect-src' and 'media-src' headers of the content security policy are now also set
Improved summary row in the user administration page table when there are only users with unlimited space/traffic
Improved functionality of the CLI menu component and CLI-related classes in general
Ensuring correct word wrapping for emails with and without multi-byte characters that are sent with KeyHelp
Updated / removed / added description texts in various places where they could lead to confusion / additional information was useful
Tool updates:

Roundcube 1.4.9
PhpMyAdmin 4.9.7

Vendor library updates:

Bulma 0.9.1
Tippy.js 6.2.7
PHPMailer 6.1.8
Symfony/yaml 3.4.45
Font Awesome 5.15.1
CodeMirror 5.58.1
phpseclib 2.0.29
Popper 2.5.1
Polyfill-ctype 1.18.1
Handlebars 4.7.6
Moment.js 2.29.1
Chart.js 2.9.4

API Changes

Added new field to /server [GET] endpoint: 'components' - returns information about installed components and their version numbers
Added new field to /server [GET] endpoint: 'additional_php_interpreter' - returns the installed PHP interpreters and their version numbers
DNS DKIM record value no longer contains \t or \n characters
If 'ca_certificate' (endpoint: /certificates [POST/PUT]) is empty but part of the request body, the API will no longer return an error message about an invalid 'ca_certificate
Added an API option to ignore client account restrictions when adding new ressources to a client account

Translations

Updated Italian (100%) | Thanks to Alessandro Daniele
Updated Spanish (100%) | Thanks to Otmar Schuster
Updated Catalan (100%) | Thanks to Otmar Schuster
Updated Turkish (100%) | Thanks to Serkan Türkkan
Updated French (100%) | Thanks to Sasa Pajic
Updated Brazilian Portuguese (100%) | Thanks to Rogério Borba
Updated German / English / Russian (100%)
Removed Bosnian translation
Added French translation for enhanced drop-down ('select2') fields
Removed some last occurrences of HTML within translation strings
Fixed date format issues with Spanish / Catalan
Fixed substitution issues with Catalan email templates
Fixed various white-space issues with Italian
Fixed various mistakes in original English translation files
Fixed mixed-up translations when using Russian and being on the 'Active sessions' page

Fixes / Imperfections

Fixed problems with double escaping of characters on the DNS editor page in case of a syntax error
Fixed a visual issue with the mobile view on the 'Web server logs' / 'Server messages' page
Fixed an issue with Safari browsers introduced by a recent browser update where the wrong style was applied to table headings
Fixed a problem when using the 'Trusted Sources' (White label) setting, resulting in duplicated 'frame-src' in the content security policy header
Fixed that the deletion of a user who is currently logged into the CLI will no longer prevent the user from being deleted
Fixed that the session ID is no longer appended if an invalid / prohibited KeyHelp page is called and one is then redirected to login
Fixed that sending email via 'Email to all users' no longer sends email to a logged-in support account
Fixed an issue where when updating SSH chroot environments some libraries may have been copied to the wrong locations - this fix saves ~ 70 MB per SSH chroot environment
Fixed a character escaping problem within the connection data modal window on the email summary page
Fixed that invalid entries are no longer written to the session storage
Fixed an issue on the user dashboard where an email address with non-ASCII characters was displayed in punycode instead of the UTF8 expression
Fixed an incorrectly displayed button to hide an error message in the DNS editor
Fixed a PHP warning about outdated code for systems with PHP 7.3 and higher
Fixed a calculation error in the calculation of the translation coverage
Ubuntu 20 | Fixed that nftables may have not been set up correctly with the KeyHelp 20.2 installation routine
Ubuntu 20 | Fixed phpMyAdmin Fail2ban jail was not installed
Ubuntu 20 | Fixed a problem preventing FTP connections to the server (ECONNREFUSED)

Miscellaneous

Changed the appearance of various symbols to ensure a consistent style
Shortened several texts in order to save horizontal space and improve the user experience for mobile users
Added a new screenshot for the default theme on the theme selecting page to reflect the user interface updates of the latest versions
Updated database table structures / field names / field contents to be more descriptive / flexible, removed unused fields
Refactored traffic page
Refactored session management / handling
Refactored disk space calculation maintenance job
General refactoring and code improvements at various places
Unification the email notification system
Implemented a system that allows for a cleaner separation of .po/.mo translation files and will provide a more consistent and better translation with upcoming updates
Only specially prepared servers | Updated NRPE configuration

20.2 30 July 2020

New Features / Added Content

Added support for Ubuntu 20.04 LTS
Added support for Arm64 (Aarch64)
Added French translation | Thanks to Sasa Pajic
Added cleanup option for email mailboxes, cleaning up trash and spam folder

Improvements / Changes

Added hierarchical domain sorting
Added breadcrumb navigation
Implemented proper sorting of DNS records in DNS editor
Added new option for one click installer to delete all files within the install directory (helps when default install.html will prevent accessing the installed app)
Pop-up showing admin defined user notes now respects line breaks
Added new naming scheme option for database names / database usernames - prefixing with username
Added loading animation to submit buttons, also preventing buttons from clicked twice
Added colors for optional email account features to help to distinguish on overview page
Sowing current API version being used by KeyHelp on API configuration page
Connection information on databases with enabled remote access now also shows the correct host information
Directory protection page now no longer resets form fields on errors
Users now can select, which Roundcube identity should be the default one (within Roundcube; only if keyhelp_sync_identities plugin is enabled)
Added further checks to ensure SSL repository is in valid shape, when adding new certificates
Reduced request count on external pages
File manager:

Added full-screen editing mode
File type icons now have colors to help to distinguish
Updated list of file type categorization
More image types can now be viewed: .webp, .ico
PDF files can now be viewed
Audio files can now be played
Increased performance removing unnecessary includes and HTTP request

Tool updates:

Roundcube 1.4.7

Vendor library updates:

Bulma 0.9.0
Tippy.js 6.2.5
PHPMailer 6.1.7
Symfony/yaml 3.4.42
Font Awesome 5.13.1
CodeMirror 5.55.0
phpseclib 2.0.28
Popper 2.4.4
Polyfill-ctype 1.17.1
jQuery 3.5.0

Updated community translations

Italian: 100% | Thanks to Alessandro Daniele
Spanish: 100% | Thanks to Otmar Schuster
Catalan: 100% | Thanks to Otmar Schuster
Turkish: 100% | Thanks to Serkan Türkkan
Bosnian: 57% | Thanks to Mirnes A. (b0snaX)

API Changes

Added add / edit capabilities to hosting plans endpoint
Added endpoint to manage DNS settings
Added endpoint to manage directory protections
When sending in byte values, you can now also use shorthand notations (e.g. '1M' = '1048576' bytes)
Fixed incorrect field name in hosting-plans endpoint ('resources' instead of 'ressources')
Added 'is_custom_dns' field to domains endpoint
Added 'expunge_junk', 'expunge_trash' fields to emails endpoint
Added 'document_root' field to clients endpoint
Fixed formatting issues
<HOSTNAME>/api/openapi.yml can now be accessed and loaded by external definition parsers
Fixed issues in API documentation:

Invalid field name 'remote_hosts' instead of 'remote_access'
Invalid field type for description field in ftp-user scheme
Added note on how to handle 503/500 requests when performing multiple requests

Fixes / Imperfections

Debian 10 | Fixed IMAP/POP3 traffic could not be gathered correctly
Fixed escaping issues on scoreboard and SSL/TLS session cache status on Apache server status page
Fixed support SSH keys did work in all cases
Fixed that file manager pages were not highlighted as active in main navigation
Fixed a JavaScript error on file manager, when viewing certain files
Fixed a bug that allowed to delete the SSH key of another user
Fixed a problem with automatic IP anonymization where a warning was thrown when an invalid IP was being anonymized
Fixed a problem where importing existing SSH keys (not managed by KeyHelp until this point) did not work properly if the public key already existed in another user account
Fixed a bug that in case the 'keyhelp_root' database password contained a '#', the database dump could not be created
Fixed a bug on systems that did not have the ability to log into the root account without a password, so that the application installer could not be used because the database version could not be determined
Fixed invalid page titles
Fixed invalid redirection URL in certain cases on API keys page
Fixed invalid redirection URL in certain cases on email accounts page
Fixed invalid redirection URL in 'Configuration' -> 'Hostname' page on errors
Fixed that renaming the hostname to another domain already managed by KeyHelp is now prohibited
Fixed minor JS error when using enhanced select fields
Fixed an issue where /etc/mailname was not created during install on some systems
Fixed include path for main init files, when manually calling a KeyHelp script
Fixed an issue on old (dist-upgraded) systems, where 'mariadb.cnf' may not get included correctly in the 'my.cnf' and therefore e.g. remote access could not be activated correctly
Fixed a problem when submitting the form to manage a user account / hosting plan where 'min_spare_servers' and 'max_spare_servers' had an invalid number and pm was not set to 'dymanic'
Fixed missing required attribute on directory protection page
Chrooted environment | Fixed an issue where 'localhost' could not be found
Chrooted environment | Fixed an issue where calling a PHP time function caused an error that the time zone database is corrupt due to missing time zone definitions
Fixed problems with the Chrome/Safari browser (probably others) introduced by a recent browser update

Fixed an issue where the browser complained about unrecognized feature in Feature-Policy header
Meter/progress bars looked strange
The placeholder color of input fields looked like it normal text

Miscellaneous

Dashboard now showing CPU type
CLI component refactored, capabilities enhanced
Unified installation commands for Apache & Postfix throughout all supported systems
Improved displaying of information during installation, streamlined code
Refactored directory protection pages
Removed now unused files from previous KeyHelp installations within the file system
Due to Bulma CSS framework now offers more features, own code could be reduced
Fixed various spacing issues on configuration pages
Updated HTML elements to better fit for use within a text block
Fixed spacing issues of description texts for FTP, database, email, scheduled tasks items
Unified icon usage and their tooltips
Visually improved status icon in tables, removed the left margin
Improved directory browser handling and code
Various code cleanup and preparations for upcoming features

20.1 19 May 2020

New Features / Added Content

Added a SSH chroot / jail environment for user accounts (Professional Edition only)
Users can now add SSH public keys to their account
Updated TLS protocol and TLS ciphers used for various services - Settings can be managed via KeyHelp UI
Admins can now select which applications should be available for installation within the user area (Professional Edition only)
Added a process manager that allows admins to view all running processes and terminate them if necessary
KeyHelp alias addresses are now synchronized with Roundcube identities when you log in to Roundcube

Improvements / Changes

Collapsed / expanded state of main navigation menu items are now saved
Database dumps performed by KeyHelp now use a more secure approach to prevent malicious user accounts from spying upon the database password
Installing additional PHP packages for the standard OS version (bcmath, soap) to make the switch to one of the additional PHP interpreters more convenient
In the case of running an LXC container, a note has been added that the load values are probably incorrect
The value process_limit of IMAP login processes can now be managed via KeyHelp UI
Added display of the installed version of Postfix, Dovecot and OpenSSL on admin dashboard
Display of Apache version is no longer truncated
In case the maintenance mode is activated, an indicator has been added to point out this fact, visible in the entire UI
Application boxes on the one-click installer page now have the same height for a more consistent look
The appearance for the code tag has been updated so that it no longer looks like an error message
Increased visible area / visible directories of the directory browser
Domain list on user dashboard now only shows a limited amount of domains (when using a large amount of domains)
Email overview now only shows a limited list of aliases and redirections (when using a large amount of them)
Better and more secure storing of backups created during panel update, also eliminating the possibility of revealing critical data if a panel update fails
Added note when using cron jobs for the root system user to prevent accidental overwriting of cron jobs added via the console
Setting Feature-Policy security header
The 'Instant anonymization of IP addresses' feature has been removed (due to the large impact on performance; users can no longer negatively impact server performance) - users using this feature will be switched to 'Anonymization after log file rotation', which is also fully GDPR compliant
Added a note to DNS editor, where to find the exact value of the DKIM_RECORD_VALUE
Added new options for copying the DKIN_RECORD_VALUE, for a flawless usage of this values in web forms (e.g. when using Cloudflare)
Various improvements and security enhancements in install template files for various services in the course of the cipher update (enabling OSCP stabling, ...)
Cleaned up theme templates files, and comments are no longer sent to the clients browser which should improve the performance
File manager:

You can now download folders as .zip / .tar.gz
You can now copy or move files and folders
The file manager can now handle paths with unconventional characters inside
Upon accessing the file manager, the default start directory is now /www/

Tool updates:

Roundcube 1.4.4
PhpMyAdmin 4.9.5
Adminer 4.7.7

Vendor library updates:

Bulma 0.8.1
Tippy.js 6.2.3
Twig 1.42.5
PHPMailer 6.1.5
Symfony/yaml 3.4.40
Font Awesome 5.13.0
CodeMirror 5.52.2
phpseclib 2.0.27
Popper 2.4.0
Polyfill-ctype 1.15.0

Updated community translations

Italian: 100% | Thanks to Alessandro Daniele
Spanish: 100% | Thanks to Otmar Schuster
Catalan: 100% | Thanks to Otmar Schuster
Turkish: 93% | Thanks to Serkan Türkkan

API Changes

A setting has been added to the password policy, whether you want to apply the set password policy also when using the API
Added 'ssh_jail' property to output of hosting plans ('permissions')

Fixes / Imperfections

Download operations now prefer IPv4 in order to overcome download issues when downloading from KeyHelp maintenance servers via IPv6 (can be tweaked via settings database table)
Fixed IPv6 were not anonymized when using IP anonymization
Fixed invalid tooltips on server service management, directory protection and maintenance intervals pages
Process count calculation on admin dashboard was slightly off (now it filters the processes required to gather the process count)
Internal function for emptying a database now also takes VIEWS in account and therefore preventing errors down the line if an empty database is expected
Fixed layout issues on account template edit page
Fixed a database error in server setup routine
Fixed various punctuation errors for displayed text
Fixed various spelling mistakes in translation files
Fixed that the firewall page could not be accessed correctly if a custom theme was used and the custom theme provided a template for that page
Fixed that when /etc/keyhelp/config.json was unreadable, a 500 error was triggered with a misleading error message - now an appropriate error is displayed
Fixed incorrect file ownership for KeyHelp web server protocols after anonymization
Hiding the 'Disable DNS' checkbox when creating a new subdomain
Fixed incorrect file / directory privileges within the KeyHelp backup directory
Fixed an error that caused the disk space calculation job to fail in certain cases
Fixed cron jobs time schedule parsing for cases using hour interval on certain minutes (e.g '5 */2 * * *')
Fixed cron jobs time schedule parsing for cases using '0' for a representation of Sunday (e.g. '* * * * 0,1,2,3,4,5,6')
When using a custom theme and Apache server status was called with auto-refresh - the custom theme template file was not used instead the old default file was used
Implemented a clean separation of collecting admin email and system email parameters during installation - could cause emails not to be delivered later on
File manager (and all areas where files with umlauts could be handled): Some systems had errors with umlauts in file names, due to their locale settings, ensured they will have no problems with umlauts anymore
Fixed file permissions for the php-error.log file that could prevent the KeyHelp UI user from writing to this file
Fixed incorrect shell setting when removed SSH privilege from a user
Fixed that a scheduled task run could be triggered multiple times if started manually
Massive XSS protection update

Closing of all existing vulnerabilities
Rewritten system to ensure that there will be no XSS vulnerabilities in the future (not even accidental)
Changed to more suitable escape methods
Proper handling of placeholder strings in email templates regarding XSS vulnerabilities

Miscellaneous

Removed the amount of necessary install templates due to more capable install template deployer
Unified installation commands for component installation across all supported operating systems
Due to removal of Debian 8 support with the last update - removed old related code / file templates, ...
Updated minimum PHP version to 7.0
Code of old API used before the REST API has been removed
Old theme removed (only the firewall page remains in the old style for now)
Removed translatable strings that were only necessary for the old theme
Added maintenance job for keep restricted SSH environments up-to-date
Added new interface for Postfix configuration updates
Cleaned up some code where HTML and PHP were mixed
Load values now uses correct number format, providing uniform width
Using mono space font where ever it makes sense
Increased debug capabilities
Settings storage refactoring
Refactoring of functions used to communicate with the operating system, increased security

20.0 18 February 2020

New Features / Added Content

One-click installation of popular web applications (Professional Edition only)
You can now set IP addresses, which should be used for configuration files within the user interface
Root cron jobs can now be managed
Active SSH session can now be monitored within the UI
New maintenance task 'Clean up temporary folders' takes care of cleaning outdated files and directories within users /tmp/ directories

Improvements / Changes

IPv6 addresses are now used for (bind configuration files) when they are configured next to an IPv4 address - previously only the first IP was used
Added one-click database login for phpMyAdmin | Thanks Tobi for pointing in the right direction
Using a more secure random generator for password creation
Displaying SSH fingerprints for each available algorithm
Roundcube skin can now be set within the webmail configuration
Improved cron style input validation, you can now pass schemas with slash characters
Displaying certificate owner also on SSL/TLS deletion page
Displaying certificate issuer when editing certificates
Enforcing stronger passwords when a user changes its mail password via Roundcube
Removed the comment 'added by KeyHelp' for system user accounts created by KeyHelp, because this phrase was later also used by the system mail command
Hiding connection information for pure forwarding email accounts
The content of the active session page is now unified throughout the tables (unified labels, column order, cell values, ...)
If you click 'Add Alias' when editing email accounts, a new line will be prepended rather than attached
Highlighted the negative effect of instant anonymization on server performance
Changing the servers hostname could lead to problems with Let's Encrypt certificates, if the new name is not fully resolvable -> For guaranteeing a flawless update, the server services are now switched to a self signed certificate - You can switch back later on if the server is fully resolvable
'Scheduled tasks' improvements (in addition to the new root cron jobs):

Admin accounts can see all scheduled tasks of all users at a time
You can execute cron jobs directly (resulting in a report containing exit code, command output and execution duration)
You can now add schedules like 'Each xx Minutes' / 'Each xx hours' directly
Updated texts and icons to make things clearer

File manager improvements:

You can now view image files
When you click on the name of a file, the logically most expected option is called (click on a text file - open for editing; click on an image - open for viewing; click on an archive - opens the extraction dialog)

KeyHelp logs improvements:

KeyHelps php-error.log and install.log can now be displayed within the UI
Maintenance tasks logs are now handled by Logrotate
Maximum file size reduced to increase responsiveness of the page
Extended storage time for log entries
You can browse through rotated files

Responsiveness improvements for small screens:

Added horizontal scrolling indicators/buttons for overview tables
Fixed line breaks in various overview tables which potentially would look 'destroyed' on small screens
Updated wording for long words into more suitable ones
Improved breakpoint for external area
Improved breakpoint behavior on configuration page
Improved box/information layout for better readability on certain pages

Tool updates:

Roundcube 1.4.2
Rainloop 1.14.0
PhpMyAdmin 4.9.4
Adminer 4.7.6

Vendor library updates:

Bulma 0.8.0
Tippy.js 5.1.1
Twig 1.42.4
PhpMailer 6.1.4
Symfony/yaml 3.4.37
Font Awesome 5.12.1
Perfect-Scrollbar 1.5.0
Chart.js 2.9.3
Handlebars 4.7.3
CodeMirror 5.51.0
Select2 4.0.13
twofactorauth 1.7.0

Updated community translations

Italian: 100% | Thanks to Alessandro Daniele
Spanish: 100% | Thanks to Otmar Schuster
Catalan: 100% | Thanks to Otmar Schuster
Brazilian Portuguese: 67% | Thanks to Arleston Lueders
Turkish: 65% | Thanks to Serkan Türkkan
Bosnian: 65% | Thanks to Mirnes A. (b0snaX)

API Changes

Updated to API version 1.0.18
Added 'is_system_domain' property to domain output
Added 'application' property to output of hosting plans ('permissions')
Added 'ping' endpoint to check if server is running without wasting time collecting data
The API now responds with HTTP code 403 instead of 200 in case it is disabled
Fixed: Property 'store_forwarded_emails' may not have been saved correctly ('email' endpoint)
Fixed: Property 'spam_score' may not have been saved correctly ('email' endpoint)
Some large integer values were returned as strings, which are now being returned as int:

Endpoint: 'database' | Property: 'size'
Endpoint: 'hosting-plans' | Property: 'disk_space', 'traffic'
Endpoint: 'server' | Property: 'consumed_disk_space', 'traffic'

Fixes / Imperfections

Fixed the issue, that requests coming from Cloudflare were often terminated, due to a changed IP
Fixed the possibility to create duplicate accounts/domains when requests are sent within the same time
Fixed that an error of a single additional PHP interpreter no longer blocks the reloading of other additional PHP interpreters
Fixed that the Let's-Encrypt-challenge-self-check potentially caused errors on some servers - switched the resolving method to a more robust one
Fixed styling issues with 'Serverpool / No owner' in drop-down on SSL/TLS pages
Fixed error message in disaster recovery script for Debian 10 (part of a server backup file)
Fixed various weird behavior may occurred on mobile devices when using the option menu within the file manager (Android Chrome: Browser scrolled up / iOS Safari: Option menu was cut off)
Fixed division by zero when collecting swap information
Fixed that users could access webstats page, even when the admin has disabled it
Fixed that if invalid record was encountered in the DNS editor, a 500 error was thrown instead of an error message
Fixed that translations using the 'language_COUNTRY' code (for now only: 'pt_BR') did not work properly with the enhanced select fields (select2)
Fixed display issues of certificates that do not use the 'CN' field for the issuer
Fixed issues with the firewall where custom rules could not be applied correctly
Fixed various PHP warnings and notices on email, active sessions and server messages pages
Ensures that the PATH variable is set correctly during install to overcome issues on Debian 10 when switching to root user context
Do not display the 'Disable DNS' checkbox when editing a subdomain anymore
Handling a Safari 13 bug, which crashed when clicking select form fields
Old theme: 'Apply PHP interpreter to all subdomains' checkbox did not work correctly
Old theme: If certain restrictions have been set for a user (domains = 0, subdomains = 0) they could not access the domain page due to a 500 error

Miscellaneous

Removed Ubuntu 14 / PHP 5.5 related code
Updated how 'KeyHelp Support' accounts are handled
Improved file upload buttons
Improved system architecture detection
Updated icons in various places
Added additional debug output when 'local-checks' fail
Removed compile date from PHP interpreters page
Added setup date for keyadmin account
Various code style improvements
Updated naming for system user groups controlled by KeyHelp
Updated naming for configuration files controlled by KeyHelp
Updated naming for translation files
Fixed existing / added new Easter egg
Removed duplicate code used for generating form fields
Version number display on admin dashboard streamlined and made more readable
Visual improvements for pre-installer

19.3.1 05 November 2019

19.3 29 October 2019

New Features / Added Content

API
Securing all relevant areas (login, API, forgot password, 2FA) with a brute force throttling mechanism
Option to enable a maintenance mode for the KeyHelp UI

Improvements / Changes

Updated Let's Encrypt code to for compatibility with ACME v2
Showing SSH fingerprint on dashboards
Added support for country specific language variants
The --language parameter (install.php) now handles languages codes in a case-insensitive way
DNS for domains can now be disabled during the creation process
Translation files now contains comments again providing context information
Providing .pot translation templates within the KeyHelp package
The 'Email addresses of the server domain' option can now be configured for any email names; default names have been updated
Added a notification when additional PHP interpreter are not yet available (e.g. on new operating systems)
Helping browsers in offering better autocomplete capabilities
New language packages are now easyier to add and do not rely on the presence of common.mo
Add auto-resize to administrative access IP address list
When creating a new domain and tick the 'create www subdomain' option, the subdomain will now receive all the security features of the main domain
Rearanged user area menu to be more logical
Improved visual appearance of the sidebar
Improved information of SSL/TLS certificates page
Template cache now gets deleted when switching between themes
Menu items are now collapsible / expandable
Viewing options on domain page are now permanently saved
Keeping username in the login form when username or password were invalid
Fixed flickering issue on Android devices using Chrome browser when scrolling down with the navigation bar open
Added / enabled additional Fail2Ban jails, added recidive jail
OS EOL warnings are now more recognizable
Improved visibility concerning black overlay with modals and sidebar
Tool updates:

Roundcube 1.3.10
PhpMyAdmin 4.9.1
Adminer 4.7.4

Translations:

New Language: Brazilian Portuguese - Thanks to Arleston Lueders
Updated Italian - Thanks to Alessandro Daniele
Updated Spanish / Catalan - Thanks to Ottmar Schuster
Updated Turkish - Tranks to Serkan Türkkan
Updated English, German, Russian

Vendor library updates:

Twig 1.42.3
Phpseclib 2.0.23
Polyfill-ctype 1.12.0
Select2 4.0.11
Tippy.js 5.0.4
CodeMirror 5.49.2
Moment.js 2.24.0
Chart.js 2.8.0
Phpmailer 6.1.1
Font Awesome 5.11.2

Fixes / Imperfections

Fixed updating of user email address (profile / user management) did not update email address in Apache vhost entry
Fixed parameter --hostname-fqdn was not recognized by install.php
Fixed default table sorting for FTP and Database page
Fixed users were able to access FTP and scheduled tasks page thou they had no privileges to do so - they could not do any harm, just viewing the page
Fixed PHP-based password generator sometimes did not generate as strong passwords as possible
Fixed an error which could arise when revoking database rights on a database user, with already all privileges removes (limited due disk space overshoot) leading to be unable to edit the certain database
Fixed CSR component was shown as set, but actually was not on SSL/TLS index page
Fixed an error for bin/disable_two_factor_auth.php script that occurred when calling the script and nobody uses 2FA
Fixed possibility to assign a wrong certificate ID to a domain (only admin area)
Fixed problems with Dovecot sometimes did not reload because of some 'namespace' issues - could cause Let's Encrypt certificate did not get refreshed for mail server
Fixed behavior of viewing options button on various pages, it now acts as one would expect when clicking on it
Fixed Apache server status did not work anymore, when using modified web server ports
Fixed table sorting issues on domain page
Fixed an issue with complaining translator tools on strings with a percent sign
Fixed backup overview showed the 'Backup is enabled' badge thou it was not
Fixed element spacing issues on DNS editor
Fixed vertical alignment on various tables inside the configuration pages
Fixed some tooltip texts did not show up correctly
Debian 10 | Fixed FTP connection problems due to wrong TLS protocol settings
Debian 10 | Fixed fail2ban errors
Debian 10 (upgraded) | Fixed issues with network interface may not be loaded correctly due to the presence of an old configuration file of Debian 9
Ubuntu 18 & Debian 10 | Fixed issues with some .svg and their mime-type when using them as custom banner via white label settings
Old theme | News-Feed | Fixed wrong link URLs
Old theme | News-Feed | Fixed special character encoding

Miscellaneous

Removed non relevant help texts
Added required attribute to all input fields of the external area
Added additional input field attributes to minimize incorrect inputs
Added console.log gimmick (respecting white label settings)
Default checkbox state for 'Is enabled' when calling scheduled backup was 'enabled', thou it is not, when viewing the page - confusion fixed
Fixed some smaller HTML issues on various pages
Various refactoring for existing code base
Through unification many unnecessary translations could be removed

19.2.1 24 July 2019

19.2 16 July 2019

New Features / Added Content

Added ability to disable DNS for domains
Added 'Adminer' for database management
Added support for Debian 10 (Should be considered BETA)
Added ability to disable ClamAV daemon for email checking (can save a lot of RAM for smaller systems)
Added ability to delete domains up to a certain date
Added one-click auto-login feature for databases (unfortunately due to the PhpMyAdmin update to 4.9.0.1 it is currently only available for Adminer)
Added Turkish language (not finished yet) | Thanks to mumati

Improvements / Changes

Added additional contact data fields
Added additional contact data placeholders to email templates
Updates auto-email texts to pick an appropriate salutation name instead of just the system username (if corresponding data was stored)
Improved the way SSL/TLS warning notifications are processed, added additional recipient selection option for those notifications
Added an indicator, to show if the 'Scheduled backup' feature is enabled on backup overview page
Protecting Rainloop's '/data/' folder
Added option to let FTP server allow secure FTPS connections only
Increased visual clarity of install.log
Changed order of PHP interpreter input field to make it more logical on scheduled tasks page
Updated community translations | Thanks to: Alessandro Daniele (Italian), Ottmar Schuster (Catalan & Spanish)
Custom themes are now transferred to the new KeyHelp version during panel update process
Enhanced select fields: Adding search field and enable them to display more data (e.g. user lists, country lists)
Country select fields are now multilingual, depending on the selected language
Increased accessibility of user interface
Updating expire headers to ensure proper caching, added caching directives for web fonts
'Session idle time' and 'Duration of login deactivation' input fields now also accepts minutes and hours
Added 'Show' button to backup remote server settings password input field
Changed the appearance of tabs, increasing horizontal space, better visuals and a more intuitive behavior on mobile devices
Added 'server reboot' shortcut link to admin dashboard
Enhanced error message for 'Self check is unable to access token URI' event on domains with lets encrypt, providing more information to understand and solve the problem
Added database flag to change reload/restart behavior of bind9
Added sorting to tables of backup overview, backup repository and account template pages
Reduced request count on page load
The pre-installer now installs the ca-certificates package to increase compatibility with certificates when accessing URLs (e.g. via wget)
Improved the 'viewing option' line to generate more horizontal space, improve user experience and offer room for further extensions
Added the ability to hide system domains on domain overview pages
Added 'All fields' to search options of domain and user overview pages
Added type="search" to all search fields to make use of enhanced browser functionality for those fields
Email template input fields are now not wiped anymore when error occurs during form evaluation
Increased readability of keyhelp_login_data_* file after installation
Tool updates:

Roundcube 1.3.9
PhpMyAdmin 4.9.0.1
Rainloop 1.13.0

Vendor library updates:

Font Awesome 5.9.0
Bulma 0.7.5
Phpseclib 2.0.20
Twig 1.42.2
Twofactorauth 1.6.7
Tippy.js 4.3.4
Popper 1.15.0
JQuery 3.4.1
Handlebars 4.1.2
CodeMirror 5.48.0

Fixes / Imperfections

Fixed an error, where the security check message on file manager pages was not fired correctly and resulted in 'Error 500'
Fixing problems with unset hostname during installation (Amavis shouldn't complain about unset hostname anymore)
Fixed 'Not set' headline title on scheduled tasks page
Fixed notification email address input field possibly was hidden after page load on scheduled tasks page
Fixed disabling a domain did not disable all subdomains unlike it was stated
Fixed domain was enabled / disabled notification was not sent
Fixed problems when editing ISO-8859-1 encoded files in file manager
Fixed SIDs were attached to links when editing files with HTML content in file manager
Fixed SIDs were attached to links in footer and JavaScript input fields when editing white label settings
Fixed SIDs were attached to links of admin dashboard news
Fixed 'validity period exceeded' notification for a certificate, which was solely used for the webmailer subdomain was not sent
Fixed that users were not able to create subdomains as main domains for their own domains
Fixed that single wildcard character search using the '_' character, did not work on user overview page
Fixed password input field content got white-spaces trimmed on database and backup pages
Fixed wrong sorting of 'last login' column on user accounts page
Fixed deleting of user accounts could lead to 'Error 500' due to a bug in domain deleting process
Fixed a bug during installation, when modifying installation parameters, one could delete the input prompt when hitting backspace
Old Theme | Fixed line breaks on maintenance intervals page
Old Theme | Fixed non-working language specific'reset white label settings' button
Fixed missing event message text on server message page

Miscellaneous

Complete rewritten KeyHelp installation routines
Rewritten web tools management system
Created a complete new database interface for database operations (currently only root database operations has been updated to use the new interface)
Added cache control to Font Awesome fonts
Removed unused settings from KeyHelp database
Removed last remains of the license system code
Removed unused functions code
Logical rearrangement of various functions to match their thematic area
Internal renaming panel_task_intervals to maintenance_intervals
Changed default settings for scheduled backup in user interface
Added missing table footer line on domain logs page
Get rid of the '_index' ending with Twig template files
Updated email template placeholder names
Streamlined various event messages to reduce the amount of total messages
Added default values to various database fields
Renaming of various files to be more consistent
Moved automation features to its own tab when on user account edit page
Various small improvements due to Google Lighthouse check
Implement a more logical structure of SCSS files processing of Bulma, Font Awesome and KeyHelp styles
Changed various spellings to be more consistent
Reduced the amount of log message types of cron job logs, resulting in more readable log files
Internal unification of various controller files (backup_*, white_label_*, admin_template_email_*)
Various smaller code improvements

19.1 06 May 2019

New Features / Added Content

Added a file manager
Added server reboot feature
Added new password policy option: Check password against https://haveibeenpwned.com/
Added ability to read DKIM keys / DKIM TXT record for domains within KeyHelp UI
External themes now will be properly recognized and can be configured via additional configuration file / screenshot

Improvements / Changes

Increased secret key length for 2-factor authentication
Prevents installation on unsupported architectures (e.g. ARM) right from the start
Enhanced tooltip capabilities and look & feel
If a user session was terminated due to session timeout, the last accessed page will be opened after re-login
Provides visual feedback for copy to clipboard operations
Reviewed all system calls and closed potential security issues if they existed
Updated Font Awesome to 5.8.1
Updated CodeMirror to 5.45.0
Email aliases are now sorted on overview and edit pages
Line breaks of messages within web server logs are now properly displayed
Improved presentation of hide-able event messages
Improved presentation of sidebar on mobile devices
Improved presentation of information inside of modal windows
Improved presentation of images (e.g. uploaded images on white label edit page)
Added tips for finding spam sources on email queue page
Updated community translations - thanks to: Alessandro Daniele (Italian), Ottmar Schuster (Catalan & Spanish), Mirnes A. (Bosnian)
Improved warnings for EOL operating systems
Speed up icon display

Fixes / Imperfections

Fixed multiple DKIM keys inside email header caused by Amavis
Fixed a bug that prevents switching from default certificate to no certificate for domains
Fixed issue where users having no domains assigned were not displayed on user management page
Fixed chart error on user dashboard in case disk space exceeded 1000 percent fill rate
Fixed error message 'Database user already exists' triggered at wrong time
Copying to clipboard did not work properly on iPad / iPhone
Fixed Debian 8 sources list - removed no longer available sources
Fixed tooltips / pop-ups were not usable on mobile devices / disappeared after one second
Fixed wrong file permissions for db-backup file during panel update
Fixed Error message: 'Invalid key' on iPad / iPhone when using Google Authenticator for 2-factor authentication
Fixed encoding for KeyHelp news messages on admin dashboard
Fixed PHP interpreter update may failed due to fatal error
Fixed minor errors and PHP notices
Fixed wrong / misleading description text within backup pages
Changed fallback theme to the new default instead of deprecated old theme
Fixed spelling mistakes

Miscellaneous

Removed Ubuntu 12 related code
Hiding little Easter egg
Added warning event type
Refactoring of various classes

19.0.1 03 April 2019

19.0 04 March 2019

New Features / Added Content

DKIM support
2-factor authentication for user accounts
Enables Let's Encrypt certificates for domain forwarding
Various email server settings can now be managed via the KeyHelp interface
DNS blacklist (DNSBL) / DNS whitelist (DSNWL) support for spam prevention
Ability to allow / restrict administrative access to KeyHelp through specific IPs
Added translations for Spanish and Catalan | Thanks to Otmar Schuster
Enable automatic email configuration for Apple Mail
Ability to check passwords against a list of common passwords
New theme | Enable sorting of tables
New theme | Display of web server domain protocols within KeyHelp interface

Improvements / Changes

Prevent mobile browsers from auto-capitalization of input fields
Improved caching, added expire HTTP headers
Show notification when server is up to date
Improved display of connection information for database, ftp, email pages
Show translation coverage for available languages
Visually improved SSL/TLS index page
Made it less error-prone to change nameserver / IPs via KeyHelp database
Display default PHP version number on domain index pages
Increased security of KeyHelp login
Fixed JavaScript error 'unsupported pseudo: hover' when using pop-ups
Implementing some horizontal space-saving corrections on email index page
Updated 'Unlimited' account template
Update Bulma to 7.2, enabling additional features for file upload fields
Update phpMyAdmin to 4.8.5
Update ioncube loaders
Updated internal libraries
Changed the way, the unique secret server encryption key is generated, which may be the reason for occasionally failed logins to remote server when performing backup processes
Improved style of disabled select fields to match other disabled fields
Improved descriptions on maintenance interval page
Improved titles on admin / user dashboard, saving vertical space, be more precise, ...
Updated translation files, thanks to Alessandro Daniele (Italian), Mirnes A. (Bosnian)
New theme | Various minor improvements

Fixes / Imperfections

Fixed handling of trailing slash with domain forwarding
Fixed errors with Apple Safari browser when adding / modifying email addresses
Fixed wrong link to edit a domain on user dashboard
White label export file did not contain help links settings
Fixed technical issues inside of translation files of Bosnian and Russian translation files, lead to untranslated strings
Fixed a security issue where non-main admins could gain main admin privileges
Fixed sorting of directory explorer, directories consisting of numbers only where not sorted correctly
Decimal places for spam score were not saved
Upgraded Debian 8 -> Debian 9 systems | HTTP2 was not enabled
'Back to overview' on administrator tab / administrator management pages did partly not lead to the correct page
Fixed line breaks on small screens on domain index page
Fixed line breaks on small screens on email index page
Fixed missing template variable on prohibited domains page
Old theme | Missing texts on white label settings pages
Old theme | Removed remains of old help text on white label index page

Miscellaneous

Hide SSL/TLS certificate private key in demo mode
Removed unused folders / files
Fixed some spelling mistakes in configuration files
Unified 'Do not modify' notices in automatically written configuration files
Improved keyhelp.sql data / structure
Improvements for translators, removed several duplicate strings
Upgraded Ubuntu 14 -> Ubuntu 16 systems | Removed unused remains of old OS
Various code maintenance measures, remove duplicates, ...

18.2.1 20 December 2018

Improvements / Changes

Added domain catch-all options to enable/disable the function and define the behavior
Updated phpMyAdmin to 4.8.4
Updated Rainloop to 1.12.1
Added 'Back to overview' buttons on email templates, account templates, domain default page, white label
Limit checks are now performed on a click on the add-button, not just when saving
New theme | Increased the horizontal space on the configuration page for the default index page to make editing easier
New theme | Various visual improvements, improved readability etc.
White label | When using the trusted sources, content-security-policy-header added for frame-src
White label | Content-security-policy now allows images and fonts loaded from all sources
Default index page | When referring to the local file 'bulma.min.css', it now gets copied into the directory even with modified index default page

Fixes / Imperfections

Fixed a bug where all checkboxes for privilege settings were accidentally marked as enabled when using an account template on user creation / editing
Fixed email account size was not updated after disk space calculation job
Fixed certificates could not be uploaded via file upload
Fixed incorrect senders name when testing an email template
Fixed missing description text on prohibited domain page
Fixed a lot of spelling mistakes in German language files | Thanks to Jan (Enigma)
Fixed a problem where generated passwords were too short when increasing the minimum password length to more than 12 characters
Fixed a redirection issue when adding / editing / deleting an admin account, where you were redirected to user accounts tab instead of the admin accounts tab
Fixed scheduled tasks were shown as enabled, even they were not
Fixed incorrect database user privileges when adding remote access hosts to an existing database
Fixed an installation error when installing KeyHelp on 'Hetzner Cloud Server' (Ubuntu 18 / Debian 9)
Fixed various issues with the subdomain catch-all feature
New theme | Fixed minor HTML errors

Miscellaneous

Makes it clearer how the value pm.star_servers is calculated
White label prioritization texts now fit better the overall design
Added required attribute to various input fields
Added correct title to some configuration sub-pages

18.2 05 December 2018

New Features / Added Content

Added new modern, responsive design
Massively improved user experience / user interface all across the panel (Some may only work with the new design)
Added option to white list URLs on white label settings, to be able to include styles and scripts from external sources
Added domain catch-all which forwards all non-existing subdomains to the main domain, instead of the KeyHelp login
New configuration panel, replacing the 'server settings' and 'panel-settings' pages

Improvements / Changes

Updated phpMyAdmin to 4.8.3
Updated Roundcube to 1.3.8
Updated PHPMailer to 6.0.5
Auto-focus to username input field on login
Completely reworked email management, fixing all known bugs and enhanced usability
Completely reworked domain management, enhanced usability
Improved usability of DNS editor, improved input behavior, better error reporting, ...
Reworked admin dashboard layout, improved display of important server information, added more information
Password generating algorithm now always creates strong passwords, removed the settings that allowed weak password generator settings
On user creation, a folder '.ssh' for storing users ssh keys is now created
Ability to modify more options with directory protections
Added default max-age for HSTS
Added additional HSTS directives
Domain search options now stored in user session
Ability to disable certain languages
Lots of other, unlisted quality tweaks and optimizations / quality-of-life updates, updated texts, added help texts, improved order of elements, ...

Fixes / Imperfections

Fixed 'Password does not match confirmation' message when setting a new password
Fixed scheduled tasks, when calling a URL with multiple query parameters
Fixed forwarding HTTP code was not saved correctly, when edited via domain page inside of admin area
Fixed icon to log into phpMyAdmin was using the wrong login credentials, when using custom database names / usernames
Fixed trailing slash at the end of fcgid socket path inside of VHOST configuration file, which leads to .user.ini were not recognized in subfolders correctly also e.g. $_SERVER['SCRIPT_FILENAME'] was not well formatted because of this
Fixed anti-virus scanner reported 'failed' when updating virus database and virus database was already up to date
Fixed when database password of an existing database was changed, the check for a valid password was not performed correctly
Fixed fpm-status / fpm-ping pages were not working when using fcgid (Ubuntu 18 / Debian 9)
Fixed when using 'cron style' as input method for scheduled tasks, a '0' is not accepted as Sunday
Fixed may occurring wrong error message while adding new user accounts
Fixed errors which occur when setting 'max_execution_time' in PHP settings to 0
Fixed calculation of max available RAM in CLI mode, wrong calculation resulted in KeyHelp picking the wrong 'tuning.cfg' for the database server
Fixed form probably not be submitted because of a hidden form field with invalid data inside on user creation page
Fixed an issue where various settings of an email account were incorrectly associated with the 'Save emails in mailbox' checkbox
Fixed domain search on domain management pages may produces invalid results, when 'show subdomains' was enabled and searching for a string only matching a subdomain
Fixed deleting of email accounts, when they are based on a subdomain, and the main domain is deleted
Fixed RNAME input on DNS editor, input may not being escaped correctly
Fixed a bug, which caused database privileges were not correctly restored after limitation by disk space cron job
Fixed firewall rules were not reloaded after reboot of the server (Ubuntu 18)
Fixed HSTS 'empty directive', when only 'max-age' was specified
Fixed wrong navigation merging on admin pages caused by custom added navigation links on white label page

Miscellaneous

Changed default mailbox size to 1 GB
Code style improvements
Removed redundant code
Fixed misleading description texts
Temporary disabled bulk creation of domains
Removed option to restrict user accounts to choose PHP interpreter only for main domains

18.1.1 11 June 2018

New Features / Added Content

AWStats can be disabled
User accounts can create main domains (admins can restrict them == behavior of 18.1 and prior)

Improvements / Changes

Better visualization for 'Resources' on account template and user creation pages
Hide non relevant email protection measurements for pure email redirection accounts
Better visualization of help texts
Database names / usernames now accepts '-' character
Added note to emails with passwords, to change passwords as soon as possible
Updated order of user's 'Resources' to be identically throughout the panel
Added info if you are about to create a domain without having any user accounts

Fixes / Imperfections

Fixed 'Anonymization after rotation is disabled. Quit!' spam emails :)
Fixed hidden 'Domain can be used for email addresses' checkbox if adding multiple domains at once
If /backup/ was mounted as SSHFS, the backup processing files could not get deleted
Ubuntu 18 | 'Non numeric value encountered' in php fpm pool configuration
PhpMyAdmin version number did not show up in admin dashboard
Safari browser | Domain forwarding menu did not expand -> unable to create domain forwarding
Database names / usernames automatically transform a '-' to '_' if automatic name generation is enabled ( == same behavior as prior 18.1)

Miscellaneous

Improved translations

Italian | Thanks to Alessandro Daniele
Russian

Renaming some parts to overcome possible confusion ('Default subdomain' -> 'System domain', ...)
Placeholder description for '##error_message##' did not show up on email template pages

18.1 16 May 2018

New Features / Added Content

Ubuntu 18.04 Support
Define custom schema for default subdomain for user account creation
Manage MySQL/MariaDB access for remote hosts (including complete rewritten database management)
General Data Protection Regulation (GDPR) features

Instant anonymization of IPs when writing log entries to web server log files
Anonimyzation of IPs after log file rotation

Improvements / Changes

Scheduled backups can now also be performed on a monthly basis
Client ID (if set) is now displayed inside of the user area
Improved user experience on user's dashboard page
Added users contact data to the user's dashboard page
Enable nicer login names for i18n email domains
Take care of the target="_blank" security risk (more)
Internal dumps now stored for 7 days
Internal dumps now cannot produce 0 byte / invalid files anymore
Added email templates for backup successful / backup failed emails
Show Kernel Version on admin's dashboard page
Changed display of account template page, to avoid a too wide table
Added missing explanations for parameters of domain enabled / disabled email template
Update | phpMyAdmin 4.8.0.1
Update | Roundcube 1.3.6
Update | Rainloop 1.12.0
Update | Twig 1.35.3
Update | phpseclib 2.0.11
Update | ionCube loader
Improved Italian translation | Thanks to Alessandro Daniele
Fixed a lot of imperfection concerning displayed texts

Fixes / Imperfections

Fixed some missing tooltips on various pages
Fixed a wrong redirect after password error occurrence on backup create page
Fixed sorting of domains / subdomains in user view
Fixed not working directory explorer on admin's add domain page
Fixed not at all working directory explorer for support user
Fixed an issue, where a mounted sshfs for /backup/ directory led to 'insufficient disk space' message
EOL label on installed additional PHP interpreter was not the indicator it should be
Fixed line break behavior in multi-byte strings during install, which led texts look weird, especially with Russian language
Fixed minor PHP errors

Miscellaneous

Replaces '[DISABLED]' / '[EOL]' / ... type of indicators with label/badge representation
Improvements for Translators

Added gettext comments to better catch the purpose of an untranslated string
Removed various HTML tags or links from translations
Fixed inconvenience inside of the .po translation files, which led to words may be shown untranslated

Increased debug capabilities
Made install (console) screen a bit prettier
Further work in rework old code to match new coding style guidelines / Rewrite of various classes
Use replacement of language file placeholders in language management file instead of controllers
Replaced all tabs in configuration file templates with spaces
Prevent unauthorized access to debug release channel
Switched back to only show usernames on admin's domain management pages
Updated support user restrictions

18.0 12 March 2018

New Features / Added Content

You can use skel templates to automatically fill home/domain directories with files by your choice
Debian 9 | Enable HTTP2
Enhance scheduled tasks features

Enable different types of commands (system command / call URL / exec PHP file)
Switch PHP interpreter for execution of PHP commands
New notification options

Enable Let's Encrypt certificate generation for internationalized domain names
Enable CSR generation for wildcard domains
Added overview of all current FTP sessions to the active session overview
Completely rewritten of SSL/TLS based modules

Enabling SSL/TLS certificate management for user accounts
Now using pure OpenSSL implementation instead of phpseclib library (and therefore fixing a lot of inconveniences)

Added an overview of available server software updates and if server requires a reboot to fully implement changes caused by server software updates
Showing admin notes connected to a user account on delete screen
Admin accounts now can specify destination directories / URLs for domains
Enhanced white label options

Hide KeyHelp news on admin dashboard
Hide changelog link on admin dashboard
Hide KeyHelp ads (moved from panel settings to white label settings)

Improvements / Changes

Better CPU utilization visualization
Stop exposing KeyHelp version number in page title
Updated phpseclib library to 2.0.10
required password length in Roundcube is now updated according to the required password length setting in KeyHelp
The server updates panel tasks now logs the complete output of the called update/upgrade commands
Increased max_execution_time + max_input_vars of KeyHelps own php-fpm pool file (importing databases with phpMyAdmin will benefit from this)
Default theme | No longer downloads fonts via Google CDN - fonts are now called locally
Russian translation completely overhauled and now 100% complete again
Italian translation now 100% complete again | Thanks to Alessandro Daniele
Updated Bosnian translation | Thanks to Mirnes A. ( b0snaX )
Help Apache web server to recover from invalid states (all OS)

Debian 9 | update /etc/logrotate/keyhelp-apache | reload -> restart
Debian 9 | Apache now does not use 'PrivateTmp' anymore

PHP interpreter version on server settings page now shows building date instead of cryptic build number
Improved management of domains and corresponding PHP interpreters for user accounts, on servers which only allow PHP interpreter picking for main domains
Default theme | Improve visibility of clickable table headers (which open a submenu below)
Default theme | Links in (?) menu on user account page now opens in new tab
Improved help texts on DNS editor page (fixed spelling errors, changed order to match drop down, added CAA / PTR explanations)

Fixes / Imperfections

Fixed an issue with non-escaped characters on scheduled tasks pages
Fixed wrong labels on service management page
Ubuntu 16 | To be more fail save with handling OS images by other providers, we install make sure sudo is installed
Fixed wrong EOL label for PHP interpreters, causing PHP 7.2 get labeled as EOL
Fixed invalid CSR generation of Ubuntu 16 / Debian 8 / Debian 9
Fixed ownership (and therefore inability to log) of KeyHelps php-error.log file
Fixed scrolling into view at DNS editor page when clicking 'help'
Fixed a bug, where firewall settings could not be saved (Error: 'iptables-restore: line *** failed') | Thanks to nikko for investigating
Fixed domain validation for non puny code domain names, allowing several consecutive minus characters now
Fixed, that email addresses now always get saved in lowercase
Installing KeyHelp, while directly (not ssh) being logged into the server now does not cause 'undefined offset' error
Fixed a bug, where line breaks in disable_functions PHP setting of a user account caused syntax error in pool file
Debian 8 | Fixed a bug, where 'OS has reached EOL' message was shown too early and no links to the update guide were shown
Fixed a Bug when a user selected a different language than his profile settings on login screen, messages generated by AJAX calls were still translated into in his profile settings language
Fixed various PHP notices / warnings
Fixed wrong redirection target on FTP page after errors may occur while adding an FTP user
Fixed, that changing email account password via Roundcube was not possible
Catchall email accounts mistakenly labeled as redirection account on overview page
The 'Server time' on admin dashboard showed PHP timezone, instead of the real server timezone
Fixed a bug in email client autoconfig (Mozilla variant), showing the wrong email provider domain
Removed the 'ssl certificate: missing components' error, when just generating a CSR
Updated translations in various places, where the name KeyHelp could get replaced by a white labeled product name and so may cause confusion
Fixed errors, which may occur while deleting a user account - in the past, this meant that you were not able to delete a user account completely

Miscellaneous

Unifying line breaks of SSL/TLS certificate files below /etc/ssl/keyhelp
Updated internal API restrictions
Fixed 'Can use DNS editor' setting when generating user with internal API
Improved KeyHelps directory / file structure
Unifying of various spellings
Completely replaced all old validations with their new one
Rewritten various internal files in process to match them to new coding style guidelines
Fixed displaying of too long names in the navigation bar (RU/IT)
Removed redundant log outputs
Default theme | various minor fixes

17.2.1 21 November 2017

Improvements / Changes

Let's Encrypt terms of service URL is now automatically updated
On DNS editor search page, you can now see, which domains have already custom DNS settings
PhpMyAdmin update to ver 4.7.5 (not with Ubuntu 12.04)
Switching phpseclib branch to version 2 (2.0.7)
Updated the 'Domain Default Page' in KeyHelp to fit current standards
Updated 'Domain Default Page' index file (default variant is now in English)
Confirmation checkbox on delete pages is now required to tick

Fixes / Imperfections

Fixed that Firefox refuse to display line breaks in 'Additional Apache Directives' text box
Fixed that server name was not part of the backup file name of user backups
Fixed wrong link to changelog inside update notification caused by white-labeled product name
In input fields which receive an email addresses, special chars were not allowed everywhere
Fixed bug in domain adding, which created a subdomain, even if main domain was labeled with an error and therefore not created

Miscellaneous

Removed debug outputs where they don't belong
Removed Let's Encrypt subscriber URL option on panel settings page
Navigation bar order updated
Removed some old validation functions and replaced them by their new variants

17.2 14 November 2017

New Features / Added Content

Add language switch to installer
Admins can set additional Apache web server directives per domain
Added an overview of all currently logged in user accounts
Added option to create multiple domains at once
Added additional complexity level of a password: 'only letters'
User accounts can now be deleted automatically on schedule
User accounts can now be fully suspended (also automatically on schedule)
Added email test option to email accounts
You can now add CAA / PTR records within DNS editor
User accounts can now use DNS editor as well (if enabled by the admin)
Rainloop | You can now change password of the email account in Rainloop
Added a notifier to the dashboard in case of install errors
Added authorization headers pass to PHP using vhosts
Added a notification email on panel updates

Improvements / Changes

Updated vendor software internally used by KeyHelp

PHPmailer ver. 5.2.26
phpseclib ver. 1.0.8
Handlebars.js ver. 4.0.10
jQuery ver. 3.1.1

Ioncube loader update
Roundcube update to ver. 1.3.3
Improved user experience with setting of deletion confirmation
Switched template engine to Twig
Improved DNS editor usability
In case of an install error, you now can see the skipped steps in install.log
Now displaying full file paths in install.log
Rainloops default language is now determined by the setting during install / on KeyHelp settings page
Overhaul of the user disk space calculation panel task / log output
EOL PHP interpreters are now highlighted for admins
Added pagination to server messages page
Made it visually clearer to identify redirection email accounts (no webmail icon, no disk space usage bar)
Get rid of 'assigned subdomains' (the ones which cannot be deleted by user accounts), in domain overview
Midnight Commander now only gets installed on Keyweb Servers

Fixes / Imperfections

Fixed string padding with multibyte chars in install
Due to last Roundcube update, the 'Product-Name' inside Roundcube was not shown
Fixed invalid link in domain overviews for wildcard domains
Admins could not create wildcard domains
Fixed a bug, where when importing a certificate with spaces inside common name leads to a web server error
Fixed a bug, where when importing a certificate with an idn domain name leads to a web server error
Fixed sorting of domains in user view
Fixed a bug, where in user domain overview, subdomains could get listed below a wrong main domain
Fixed error handling in anti virus scan panel task
Fixed 'invalid size' error while connecting to SFTP during backup
Fixed 'authorized_keys not found' in install
Fixed a bug, where in some cases user account were not reset to normal privileged after drop below 100% disk space usage
Fixed missing strings in template
Debian 9 | When updating the behavior of the webmail subdomain, the wrong configuration template was used
Default language, determined by the installer was not correctly saved
Fixed that backup files now only get deleted if username and backup type match (when using one repository folder for multiple backup processes)
Fixed subdomain count on admin domain overview
Fixed various template inconveniences
Sometimes, if Apache was slow in reloading config files, domains could get marked with an error, even if the syntax of the config file was okay: Implemented a workaround to overcome slow Apache
Added a workaround to ramdisk switching routine, if switching will last longer than expected and therefore caused trouble
Fixed various spelling mistakes

Miscellaneous

Various minor install improvements
Improved folder structure
Improved database structure
Removed 'deprecated' warnings from php-gettext library
Only Keyweb | Updated NRPE settings
Removed autologon plugin configuration (obsolete)
Removed some unused internal API functions
Removed obsolete source code
Various cleanup tasks on KeyHelp log files
Debian 9 was not automatically set to debug mode (dev server)

17.1.2 03 August 2017

17.1.1 02 August 2018

New Features / Added Content

KeyHelp is now available in Italian - thx to Alessandro Daniele

Improvements / Changes

Roundcube update to 1.3.0

Fixes / Imperfections

Fixed '/root/.ssh/authorized_keys' does not exist (while updating support key settings)
Fixed a bug, where RAM disk settings prevent installation of additional PHP interpreter
Fixed a bug, where fail2Ban was not installed during install
Fixed a bug, which made DNS editor unusable
Fixed missing socket path '/run/php'
Fixed a bug where Perl/CGI scripts could not be executed if not in folder named cgi-bin
Fixed a bug where fail2ban could not be set up correctly, on applying firewall rules
[Debian 9] Missing sudo caused install failure
[Debian 9 | only Keyweb Servers] Fixed nrpe warning in install

Miscellaneous

Fixed some misleading texts and descriptions
Added OS info to install.log
Improved Bosnian translation - thx to Mirnes A. (b0snaX)
Made sure, '/home/users/*/www' in user folder has the required owner / group [during update process]

17.1 24 July 2017

New Features / Added Content

Changeable PHP interpreter version per domain
Debian 9 support
Webserver access / error logs viable via KeyHelp (incl. real time monitoring)
Change server hostname (without reinstallation) directly in KeyHelp
Email client auto configuration (added Autodiscover, the 'Microsoft method')
Send notifications when SSL certificates are about to expire.
Enable custom FTP user names

Improvements / Changes

Enable KeyHelp usernames up to 32 characters [only Server with MariaDB]
Reworked 'forgot password' behavior (increased security)
You are now able to disable 'Your mailbox has been setup successfully!' email
Added various headers to increase security of KeyHelp
Update of phpMyAdmin to 4.7.2 | Ubuntu 12.04: 4.4.15.10
Improved the process of adding / editing domains via admin area
The config in /etc/ssh/sshd_config will not be overwritten by KeyHelp installation anymore
Improved log rotation behavior of users webserver logs
Improved Roundcube's manage sieve plugin, to enable easier activation of vacation filter
Various security measures to harden phpMyAdmin installation

Remove non necessary folders
Block web access to certain folders
Add fail2Ban filters
Prevent bots / script kiddies from access phpMyAdmin

Fixed security issues concerning PHP default disable_function
Fixed security issues concerning users home directory
Get rid of the last constraints of the old translation system, now KeyHelp is 100% translatable via gettext
Enabled white label for all languages, not just the build-in ones
Improved domain index pages in admin and user area
Enabled sieve filtering in Rainloop webmailer
Improved panel tasks logs page
Prevent the auto check of the 'send login data', if user has already unchecked the sendmail checkbox before and edit email later on (on create user page)
You can now save 'Can change contact data?' in account templates
Improved handling of existing account templates when adding new users (internal API)
Improved loading of the default email template, while managing email templates
Included an info system, to inform about important changes after a KeyHelp update
Virus check now always sends a mail to the administrator accounts, if viruses is found (no need to specify a separate email)

Fixes / Imperfections

Ensured that unzip is installed (normally only Debian 8 effected)
Fixed a bug, where default PHP timezone was always set to Europe/Berlin, instead of the correct one, read by server variable
Fixed a bug, where database rights did not get reset, after not being in diskspace limit exceeded anymore
Fixed a bug, where white label page title had no effect
Lets encrypt error notification email may showed the line 'Valid to: <DATE>' of another certificate
Virus notification email was not send, in case viruses were found and notification verbose was not enabled
A click on 'Open statistic' button in user area logged out the current user
Fixed a bug in php-fpm, which made it necessary to restart php5-fpm after pool file changes (A reload did not work and caused a 'Internal server error' for a short period)
Various minor PHP notice fixed
Fixed some XSS issues
Fixed failed auth attempts to internal API
Fixed a bug, where the maximum available HDD space was not correct responded to an internal API request
Fixed a bug, where the link to phpMyAdmin in user area was hidden, if email management was disabled for the current user
Fixed a bug, where it was possible to add 2 domains with the same domain name (www. subdomain)
If user changed contact data, the mail, which then gets sent to the admins was not in the correct language of the admin accounts
If you changed date on the scheduled backup settings (not reset them), it could be, that the scheduled backup did not run for the period set under 'backup interval'
Fixed, when you started a panel task and reload the page (F5), the panel task was scheduled for start again
[Ubuntu 16] an UNUSED password for the 'mysqladmin' account was still present in install log
Fixed spelling mistakes and typos
After updating your profile's language, the success event message was still in old language
Fixed formatting issues in alert boxes
Fixed a bug, where sid could be occurred twice in URL after login
Improved visuals on apache server status page
Improved minor imperfections during KeyHelp installation process
Fixed various theme imperfections (double borders, margins etc.)

Miscellaneous

Included Bosnian translation (WIP) - thx to Mirnes A. (b0snaX)
Add build number
Add KeyHelp UID
Cleaned up unused settings in settings storage
Improved KeyHelp internal structure (code, folders, etc.)
parse_ini_file() now do not longer belong to the group of default PHP disable_function

17.0.0 03 April 2017

New Features / Added Content

Firewall (Iptables) Management
Added a webmail alternative: Rainloop (optional)
Added 'keyhelp/bin/rewrite-user-configs.php' - a script to force rewrite of all user configurations
Launch panel tasks instantly
Store server notes
Enable / disable the tools which come with KeyHelp (webmail / phpmyadmin)
Email accounts can now have alias addresses from a different email domain
Switched (almost all) of the old translation method to gettext
You can specify ScriptAlias for Perl/CGI [required for apache >= 2.4]

Improvements / Changes

Backup | Choose between different compression levels (#0000104)
Backup | Now offers multithreading support
Backup | database disaster recovery is now a shell script instead a copy of the whole database
Backup | Mail notification mail now contains a nice user salutation instead of just the username
Apache | Improved cipher list for apache webserver
Apache | Enable mod cgid
Improved layout of domain overview page
Admins receives email if a user changes its contact data
Database | Offer a new tunging.cnf for servers with low memory (only on new install)
Show version number of KeyHelp Tools on admin dashboard
Added ntp daemon to server services management
Added cron daemon to server services management
Internal backup now also contains 'mysql' database
Improved server clock
Improved user info on admin accounts page ( '(?)' )
Added sorting for apache server status page
Various improvements to the template (improved layout; added buttons; streamline list tables; ...)
You can now add a comment / description to your email accounts
~~Improved TLS PFS settings for the mail system (#0000098)~~
Improved password generating algorithm for more secure auto generated passwords [backend passwords]
KeyHelp database structure improvements
Improved panel task logs page (added navigation; show latest entries; bigger font-size; ...)
Jump directly to corresponding log file on panel task page
Improved admin dashboard layout
Behavior of input the mailbox quota now is more user friendly
Improved sorting of redirection / alias addresses for user email pages
Code quality improvements / removed unused code / refactoring
Various database query improvements
Added shortcut links for easier log-in into phpmyadmin / webmail on their corresponding user pages (don't work for rainloop)
Moved a big amount of inline styles to the mail style file
If you assign a new directory to a domain, and the directory does not already exist, then the standard index file will be put into the new directory
Roundcube update to 1.2.4
phpseclib update to 1.0.5
Set php sendmail_from parameter to prevent problems with SPF checks

Fixes / Imperfections

KeyHelp now prevents you from requesting let's encrypt certs for wildcard domains
Fixed 'id is ambiguous' if you searched for domains (admin accounts page)
[Ubuntu 16.04] PHP zip extension was missing (#1100229111)
[Ubuntu 16.04] Changed folder structure for mariadb leads to, that tuning.cnf was not loaded in correct order
When sorting the traffic column on admin account page, the sorting icon was missing
Internal API | Could create a user with traffic limit of 0 instead of default unlimited
Internal API | It could happen, that customers with a special account template could not be deleted correctly
Internal API | If users got their password generated by internal API instead normal KeyHelp UI, weak crypt algorithm was used
Fixed wrong event texts (p.ex Russian event texts inside German panel, ...)
KeyHelp news box on admin dashboard was displayed with wrong charset if the file '/etc/php/.../20-charset.ini' was modified - now independent
Fixed some XSS vulnerabilities
Database redirect_codes records for subdomains were not deleted, if the main domain was deleted
Last Roundcube updates could lead to missing address books. This update try to fix this and bring back the address books (#1100228745)
Improved translations (to be more clear, fixed mistakes, spelling)
Fixed a bug with list tables, which cause that to many borders were rendered.
Fixed various PHP errors / warnings / notices
Remove HTML from ajax responses
Fixed a case, where 'serverupdates' cron job could lead to blocking behaviour

Miscellaneous

Fixed inconveniences in one of the last ubuntu update (PHP cURL and similar functions failed)
Shows End-Of-Life warnings on outdated operating systems (only admin area)
Shows KeyDisc info on backup page (can be disabled via panel settings)
Switched to Composer
Added theme color for mobile devices
Template placeholder renaming
Changes to page title, to allow easier recognition of the current server
Corrections to / Increased semantics (HTML)

14.7.2 29 November 2016

New Features / Added Content

Traffic statistic
Email client autoconfig (via the 'Mozilla method')
Allow / deny support access

Improvements / Changes

Improvements to install log (hide sensible data, like passwords, host name, IP, ...)
[Ubuntu] Updated server's message of the day with useful KeyHelp information
Increased visual clarity on email index page
Users now get notified, if their domains get disabled / enabled by an admin (template can be modified via 'Email Templates')
Increased clarity on meter bars
Added 'unlimited' account template (only new installations)
Extended system information on admin area start page
Roundcube update 1.2.2
Streamlining / unification of strings from old translation files; increased translation capabilities of new translation files
Various performance (minimizing of function calls) / code style improvements
Various smaller template improvements
Extended user information on user delete page
If used KeyHelp-PreInstaller with password parameter, this password now don't appear in output (#0000101)
The use of the '--non-interactive' parameter now also have the correct effect on questions, which may arise in KeyHelp-PreInstaller
When re-installing KeyHelp, it now always reset the mysql-root password (which then can be found in 'keyhelp_login_data_*')
[Ubuntu 16.04] MySql root login is only possible via CLI -> created a new user for full access (via p.ex. PhpMyAdmin) - login data can be found (/root/keyhelp_login_data_phpmyadmin) (#0000099)
Keep system clock up to date with the help of ntp
Various improvements for database (mariadb/mysql in general + KeyHelp database)

Fixes / Imperfections

Fixed a bug, when KeyHelp's Lets-Encrypt-Certification-Refresher receive corrupt files from CA, the old and still correct certificate for this domain was deleted
Fixed bugs, which cause errors or prevent KeyHelp from re-installing (running through installation process multiple times) on all operating systems
The removing of a database, which corresponding database user was already deleted (manually / by 3rd party software) no longer result in an error
Enables proper escaping of Roundcube's product name
[Roundcube bug] Fixed the Roundcube error 'Smtp -1'
[only new installations] The change of an email account password via Roundcube wasn't possible
Fixed a display error on white label edit page - the placeholders 'Setting not set' were always displayed, even if setting was set
Some strings in installation process stayed in English and didn't get translated
Various corrections to translation files, add missing event texts, corrections and so on
Updated missing Russian translations
[Occured only on upgraded former Ubuntu 12.04 servers] Fixed hanging serverupdates
Fixed 'missing cert component for webmail' error after fresh installed KeyHelp
Fixed wrong 'labeled' default certificate, after auto-acquiring of Let's Encrypt certificate, after fresh install

14.7.1 12 October 2016

New Features / Added Content

Ubuntu 16.04 Support
Let's Encrypt for server domain (secure KeyHelp panel, ftp, email server), including auto request after fresh KeyHelp install
PHP-FPM status pages per FPM pool

Improvements / Changes

Improved update / install system [more failsafe, SSL protected, checksum checks, ...]
Postfix PFS cipher update to 2048 bit
Refactoring of directory protection
Refactoring of service management
Improved description texts
Added additional repository for mariaDB as fallback

Fixes / Imperfections

Fixed a bug, where you was unable to submit and upload a new SSL certificate via 'Add SSL certificate' page.
It was possible [if server hostname was written with uppercase letters] to add the panel domain to domains lists, which would lead to errors afterwards.
Fixed possible wrong redirection after submitting a FTP user form
Fixed mail queue only showed entries after the 10th of the month
Admin index page showed wrong number of subdomains, if no subdomains existed at all
In case of special Let's Encrypt errors, the Let's Encrypt logs were only partially displayed in KeyHelp
[since 14.7.0] After changing of SSL certificate for panel domain, webserver configuration wasn't reloaded
Fixed meter bar appearance in modern webkit browsers
Fixed meter bar fallback [bar was displayed 100% filled out]
Fixed spelling mistakes in language files
Added missing translations to Russian language files
Fixed white space error 'ReplaceProductName' on profile page
Creation of a user, for whose name a user group already exists. Now checking for existing user groups on the server too
Fixed display of *-byte-values if they were zero
Fixed wrong calculation [if a user with unlimited disk space exists] of disk space information on the top right corner of user overview page
Fixed various template errors (pop-up trigger position for Firefox, duplicate contents, streamlined buttons, ...)

14.7.0 23 August 2016

New Features / Added Content

Support for Let's Encrypt Certificates (#0000067)
Manage HSTS
Mail-Queue (#0000060)
Store additional user information
User accounts now may can change domain security settings
Mechanism to detect possible hanging of apt-get and stop it, if it run more than 6 hours
Show number of total allocated and actually consumed disk space (accounts overview)

Improvements / Changes

FTP passwords are now encrypted with sha256 instead md5
Added multi-delete to domain page (admin area)
Added multi-delete to accounts page (admin area)
IonCube Loader update
[Ubuntu 14] Xenial Kernel update
Added tooltips for all action icons
Empty 'index page' tables now look better
Calling an existing domain via a non existing https vhost will no longer redirect to KeyHelp login page, instead to the http variant of the domain
Hide menu items, if the user does not have the privileges to use the feature
Made it clearer if directory listing is enabled (user area)
Improved button style
Improved button positions
Increased debug capabilities concerning database errors
Increased consistency of page content header (title)
Reset DNS setting now handled by modal window
Extended system overview with FTP server info
Modified installer to handle ubuntu 16 + ionCube beta
Increase authentication method security for internal API
Changed names of archives inside backup file, allowing easier extraction
Increased visibility, of over-committed limits in user info pop-up
Complete refactoring of FTP user handling
Improved code quality due to refactoring, restructuring, DRY, ...

Fixes / Imperfections

Panel access was not correctly applied, if used an account template
Account template 'No Template / Default' did not reset settings correctly
Closed possible SQL injection security holes
Fixed parsing of scheduled Task cronstyle input method (white space could cause errors)
Fixed too liberal permissions an KeyHelp log directory
Fixed an error, if you set domain redirection to an IDN domain name
Fixed some semantic errors in user area
Fixed some Firefox display flaws (floating elements position, sidebar)
Fixed template error on DNS editor search page, if no domains where present
Fixed error on deleting scheduled task, if transmitted a wrong id
Removed the unwanted flicker effect on edit pages with 'folder explorer'
Fixed spelling in language files
Fixed an error, where that you remove the account template name an hit 'save' will result in an invalid document state
[Debian 8] Fixed Clamav start up error caused by an 'Unknown option AllowSupplementaryGroups'
A subdomain could lose its state 'subdomain', if you would edit a subdomain of a subdomain (admin area)
Fixed an error, where KeyHelp error log could become pretty big, in case of a phpseclib error (error inside loop -> spamming the log), now reset log and report only once
Fixed various minor PHP errors, undefined variables and so on
Fixed various imperfections in default template (keep up consistency, added missing attributes, move description texts to new location, ...

Miscellaneous

Get rid of a lot unused / already replaced stuff (code, icons ...)
Various other small changes / internal code changes

14.6.4 29 June 2016

New Features / Added Content

Web server ports for HTTP / HTTPS can now be changed, configuration files will be generated according to the values
You can now disable KeyHelp login for certain users

Improvements / Changes

phpMyAdmin update to 4.6.3 (Ubuntu 12.04: 4.4.15.7)
Roundcube update to 1.2.0 (#91)
jQuery update to 3.0.0 (IE6-8 no longer supported!)
phpseclib update to 1.0.2
CodeMirror update to 5.16
PHPmailer update to 5.2.16
normalize.css to 4.1.1
Domain forwarding now supports the use of port numbers in URL
Added kind of highlight to SSL certificates which will expire in less than 30 days (admin area: ssl certificates pages)
Displays the absolute path to users home directory (user area: overview page)
Added parameter '--language' to KeyHelp install, to run installation in other language
Added meter bar to mailbox size column (user area: email page)
Panel task interval page now offers interval type 'Days'
Improved debug capabilities
In case of (bind-) syntax errors in DNS editor, the error message generated by named-checkzone will now be displayed
To prevent possible connecting issues to remote backup server, the backup process now tries to connect multiple times
Current (and max) numbers of scheduled tasks currently in use are now displayed on admin and user overview pages
Improved translations
Various small other improvements

Fixes / Imperfections

If using PHP >= 5.6.21 - it was not possible to log in as a user account user via admin area (#92)
Password validation didn't recognize the underscore as special character, so it was possible that KeyHelp does not accept his own generated passwords (#95)
Meter bars didn't show up, if value was beyond 1000%
Renamed formerly known 'cron jobs' to 'panel tasks', to avoid confusion with 'scheduled tasks'
'keyhelp_login_data' file stated wrong username for MySQL/MariaDB login
'FTP accounts' row was not hidden correctly, if the feature was disabled for this user (user area: overview page)

14.6.3 25 May 2016

New Features / Added Content

Cron job ('Scheduled Tasks') management via KeyHelp (#0000013)
You can now set a custom validity period for self-signed certificates
Switched to 'gettext' in terms of translations, offering a standardized way for multiple language support and user translations [but still WIP]

Improvements / Changes

Added '--routines' to all MySQL backups via KeyHelp (especially relevant for backup)
Improved presentation of usage data on admin index page
Added 'Amavis' to 'Server Service Management'
Various small other improvements concerning stability, performance, translations and clarity of GUI.

Fixes / Imperfections

If KeyHelp database password starts with '#', no FTP connection could be established [proftpd] (#0000090)
CSR generated via KeyHelp may considered as invalid by some CA [fixed bug inside phpseclib] (#0000089)
If using English language, account template page was displayed in German instead of English.
At 'Delete-Directory-Protection'-Page wrong data were displayed for field 'Directory'
If used an account template with unlimited disk space, the user was forced to remove a '0' from disk space field to be able to submit the form.

14.6.2 29 April 2016

New Features / Added Content

Import function for old KeyHelp-2 Servers/Users (#0000046)
Mass email message, to inform all user accounts on one server (#0000012)
Antivirus scanner for files (#0000008)
webmail.<domain name> available for all domains + possibility to specify the behavior (#0000037)

Improvements / Changes

Visual improvements to user accounts overview disk space column
Improvements to all meter bars in general
Added additional description for 'Update intervals'
Improved internal autoloading capabilities
Cleaned up unused settings inside keyhelp database & code
Improved debug capabilities while running cron jobs
Navigation refactoring
Various improvements concerning language files, fixed contradictions
Increasing stability due to make database connection more failsafe
Signature algorithm for self-signed certs is now sha256WithRSAEncryption (#0000047)
Disabled spamassassin cron job, amavisd-new cron job will take care

Fixes / Imperfections

While running long-lasting tasks (p.ex. Backup) db connection could become timed out, resulting in unfinished tasks, or freezed percentage values in backup progress overview.
Take care of the daily email notification by amavisd-new cron job: 'bayes: expire_old_tokens: locker: safe_lock: cannot create lockfile /var/spool/spamassassin/bayes.mutex'
It could happen, that system user passwords would be stored as md5 hash inside /etc/shaddow, now sha512 (see 14.5.2 - bug was not fixed completely back then)
Fixed Firefox display error on 'User administration' page
Fixed user name check for directory protection user names
Removed the name 'KeyHelp' from IE6-IE8 warning on login page
Update KeyHelp default certificate from sha1 to sha256, some Google Services (Google Chrome since version 50 / Google mail services) complained.

Miscellaneous

Note | Ubuntu 16.04 [FINAL] is currently not supported anymore, we are depending on ioncube-loader support for PHP7, which is not ready yet.

14.6.1 21 March 2016

New Features / Added Content

Support for Ubuntu 16.04 [BETA] (#000079, #0000083, #0000084)

Improvements / Changes

Added a notification to administrator index page, if panel updates are disabled
Backup | Added the ability to decide, if you would like to receive notifications even on successful backups
Password strength meter is now displayed in a non clunky way, increased level of requirements, before a password is considered as a strong password
Display password requirements (determined by panel settings) while typing
(Internationalized-) Email addresses for user accounts are no longer stored in puny code, now utf8
Change a lot of translations and error messages (to be more accurate about what's going on); removed many duplicates; fixed contradictory texts
Backup | Now fully translated into Russian
Backup | Added some intermediate steps for backup process for easier debugging
Wrong user input will not reset the whole form any longer (at least for user account forms, because this is not final yet)

Fixes / Imperfections

Backup | If server time (zone) was different than PHP time it could lead to unexpected behavior of backup process: KeyHelp performed a backup process each minute instead of just one at specified time. Now, time offset doesn't matter anymore.
E-Mail | Spam score input field didn't show the current value.
End user accounts were unable to change their password via the profile settings page
The 'Use template' Button didn't transfer all data from the template to the form fields
Backup | Removed the debug output on remote repository page, which showed up if your remote server runs on windows
Backup | Increased timeout time for backup remote server, to handle slow responding/overloaded remote server
Backup | On remote server repository page, the directory list could be empty, if form field 'directory' was empty on remote server settings page
Incorrect IP inside an amavis config file could have caused problems with amavis (#0000075)
Backup | Firefox don't know input type="time" -> so we've added additional information / requirement pattern to let user know, which format the input should look like
If using 'Email addresses for server domain' you could receive (unwanted) mails from awstats logroate cron job (#0000076)
White label | The description for resource records on dns editor page contained 'keyhelp.de' as example domain - now replaced with 'example.com'
After fresh installation, clamav may could not be started, because of 'freshclam' was too slow to refresh its definitions - we now try to start clamav in the first 60 minutes after reboot, if its not running
Removed some unused settings from KeyHelp settings database and their impact on the code

14.6.0 29 February 2016

New Features / Added Content

Create Backups with KeyHelp (#0000055)
Store additional information (comments) for FTP accounts (#0000069)
Ability to specify redirection HTTP code for domains (#0000071)

Improvements / Changes

Ability to delete multiple domains in User area at once
Added additional internal API functions
Added Link to KeyHelp support community (#0000070)
Merged profile settings pages to one page.
Various usability / user interface improvements (for filling out forms, navigate inside KeyHelp, visual improvements, modal windows, ...)
Improved and cleaned up panel template, streamlining of a lot of parts
Improved and cleaned up styles.css
Improvements / fixes to all language files
Changed appearance of KeyHelp while running in demo mode
Improved server logs page
We now store relevant settings, even they the feature is not enabled (server settings page), so you can easily switch between enabled/disabled

Fixes / Imperfections

In case a user database was deleted manually (for example via phpmyadmin) the affected user was unable to log in to KeyHelp.
User area, overview page, showed wrong size for emails if no email exists
Fixed for Microsoft Edge, not to style numbers, which it assumes are telephone numbers (p.ex. server message page)
Support user was unable to view white label page

14.5.3 25 January 2016

New Features / Added Content

Additional system information on admin overview (memory/swap)
Determine forwarding email address for server domain emails (according to RFC2142) (#0000062)

Improvements / Changes

Whitelabel setting now may only be seen / changed by main administrator accounts
Updated PHP Mailer to 5.2.14 (#0000042)
Updated CodeMirror to 5.9 (#0000044)
Updated phpMyAdmin to 4.4.15.2 (#0000041)
Updated Roundcube to 1.1.4 (#0000043)
Updated CSS Normalizer to 3.0.3
Updated jQuery to 1.12.0
API support for new tariff (#0000045)
Updated default index file
Enhance clarity of KeyHelp pre-installer and installer and install log file
Human readable format for all byte values
Various template improvements
Improved UI for input of mailbox size
Improved UI for input of diskspace for create user & account templates
Improved visibility of 'index' page display options (SSL server options, show/hide subdomains) (#0000063)
Enable ServerSideIncludes via enabling apache2 mod_include per default (#0000066)
Improved / fixed missing translation
Switched to new news source to handle news from https://www.keyhelp.de

Fixes / Imperfections

It could be, that after last update Roundcube stopped working 'Database connection failed' (#0000040)
Roundcube Plugin 'password' failed to set a new password (since KeyHelp 14.4.1) (#0000068)
Roundcube Plugin 'password' failed to set a new password for email addresses containing a IDN domain (since first release)
Installation Step 'Hide LTS Notice' failed, if there was no 'update-manager-core' - in such case, this step will be skipped (#0000035)
[DEBIAN 8] Fixed a privilege problem caused by clamav in cooperation with amavisd, which lead to clamav error 'Permission denied' in mail error log

14.5.2 07 December 2015

New Features / Added Content

KeyHelp unterstützt nun Debian 8 (#0000016)

Improvements / Changes

MariaDB Standardkonfiguration zu UFT8 geändert (#0000032)
SPF Eintrag zur Paneldomain hinzugefügt (#0000020)
Beim Löschen von Benutzern werden nun ergänzende Informationen aufgeführt
Optische Verbesserungen: Eingabefelder/Icons, Admin-Startseite
Installationsprozess: Ergänzende Informationen hinzugefügt
E-Mailadressen werden nun in Kleinbuchstaben angelegt, auch wenn der Benutzer Sie mit Großbuchstaben eintippt

Fixes / Imperfections

Unterschiedliche Hashlange in /etc/shadow - vorher sha512, dann OS 'Rückfall' auf md5 - jetzt sha512 erzwungen (#0000018)
Domains mit Zeichen aus Unicode <= Version 3.2 (z.B. 'ß') konnten nicht angelegt werden, Umstellung von IDNA 2003 zu UTS #46 (#0000027)
Rechtschreibfehler korrigiert (#0000028)
Sicherheitslücke von proftpd mod_copy gefixed (#0000030)
Roundcube Login mit PHP Version >= 5.6 funktioniert nicht (#0000033)
Problem aus Update 14.5.1 beim Anlegen von neuen Datenbanken mit Benutzernamen mit '-', war nicht hinrechend genug gefixt (#0000034)
Geotrust EV Zertifikate ließen sich nicht korrekt einspielen
Beim Anlegen von neuen E-Mailkonten wurde bei fehlerhafter Eingabe auf falsche Seite weitergeleitet
Fehler im Theme auf SSL Übersichtsseite gefixt
'Notice: Undefined constants' in 'content.php' behoben
Domainsortierung im Userinfo-Feld bei Benutzerübersicht korrigiert
Bei Serverdienste Verwaltung: Datenbank Verbindung im KeyHelp war nach Datenbank reboot nicht korrekt wieder hergestellt wurden
Es konnte auftreten, dass Roundcube nach letztem KeyHelp Update (14.5.1) keine Mails mehr senden konnte
[Ubuntu 14] Hinweis auf zukünftige Release-Upgrades entfernt
[Ubuntu 14] Dienste (ssh/dovecot) ließen sich via KeyHelp Oberfläche nicht neu starten (#0000031)
[Ubuntu 14] PHP Erweiterung 'mcrypt' wurde bei Ubuntu 14 nicht korrekt aktiviert / installiert (#0000023)

14.5.1 14 October 2015

Improvements / Changes

Ablaufdatum für SSL Zertifikate nun ersichtlich auf 'Zertifikatsübersicht' & 'Zertifikat bearbeiten' Seite
DNS Editor: Es ist nun möglich die Haupt-TTL für alle anderen TTL der Records zu übernehmen
DNS Editor: Lesbarkeit (UTF8) des Domainnamens bei Umlautdomains verbessert
In user-spezifischer vhost-Datei Lesbarkeit (UTF8) des Domainnamens bei Umlautdomains verbessert
In domain-spezifischer Bind Zone-Datei Lesbarkeit (UTF8) des Domainnamens bei Umlautdomains verbessert
Für besseren Überblick, Sortierung der Container in user-spezifischer vhost-Datei verbessert
Zuordnung der Logeinträge (für Apache/Bind) in LogDatei update.log verbessert
Änderung an interner API
Sprachdateien vervollständigt / korrigiert
phpSecLib Update auf 1.0.0
Modifikation der Postfix main.cf (Angabe von CA Zertifikats-Pfad, Angabe verwendetes Internet Protokoll)

Fixes / Imperfections

Sortierung in Bezug auf Umlautdomains korrigiert

Admin | Domains anlegen (Dropdown-Feld)
Admin | Domain bearbeiten (Dropdown-Feld)
Admin | Domainübersicht

User | Startseite
User | Domainübersicht (Dropdown-Feld)
User | Emailkonto hinzufügen (Dropdown-Feld)

DNS Editor: Umlautdomains wurden in Suchergebnisliste nicht korrekt angezeigt (UTF8)
Benutzer-/Domainübersicht/DNS-Editor Domainsuche lieferte bei Suche nach Umlautdomains nicht das gewünschte Ergebnis
Benutzernamen mit '-' im Namen führten dazu, dass diese (bei automatischer DB-Namensvergabe) keine Datenbanken anlegen konnten
Wenn Benutzer gelöscht wurden, wurden die Datensätze in der DB für den Verzeichnisschutz nicht gelöscht
Fehler auf der 'Panel Einstellung' Seite behoben, der bewirkte, dass FTP Accounts gegebenenfalls eine 0 voran gestellt wurde
Falscher Dateibesitzer für Ioncube unter /usr/local/ioncube korrigiert
Korrekte Dateirechte für default.pem gesetzt
Besitzer der durch den Statistikcronjob erzeugten Daten korrigiert
Es konnte auftreten, dass der KeyHelp-Systembenutzer durch eine Quota beschränkt wurde, ggf. konnten so einige KeyHelp-Dienste nicht mehr korrekt arbeiten (z.B. Statistik)
Pfad für Statistik zuständige .htpasswd korrigiert (Statistiken konnten nur aufgerufen werden, wenn zuvor einmalig ein neues Passwort vergeben wurde)
[Ubuntu 14] Statistiken konnten nicht aufgerufen werden ('AH01630: client denied by server configuration') -> Änderung in /etc/apache2/keyhelp.conf
In den userspezifischen PHP-Einstellungen wurde der Wert 'none' für 'open_basedir' nicht korrekt umgesetzt

14.5.0 15 September 2015

New Features / Added Content

KeyHelp unterstützt nun Ubuntu 14.04
KeyHelp jetzt standardmäßig mit MariaDB 10
Updatescript für manuellen Update von MySQL DB 5.5 zu MariaDB 10 (zu finden unter '/home/keyhelp/www/keyhelp/bin/')
Komplett überarbeiteter, benutzerfreundlicher Installer

Improvements / Changes

MySQL Datenbank Namen und Benutzernamen können nun vom Nutzer frei vergeben werden (sofern der Administrator diese Option freigeschaltet hat)
Benutzerübersicht/Popup - Liste der Domains kann sehr lang sein -> Es werden nun nur noch 4 angezeigt, der Rest kann ausgeklappt werden
Verbesserungen in Sprachdateien, Vereinheitlichungen von Bezeichnungen
CSS Umstellung auf SCSS | CSS Minimierung | Normalizer
Update des Ioncube Loaders auf neuste Version
Warnung hinzugefügt, dass wenn man bei einer Domain den Haken bei 'Domain für Mailadressen verwenden' raus nimmt, man somit auch alle E-Mails für diese Domain löscht
Inhalt von /etc/php5/conf.d/ + /etc/php5/mods/available aufgeräumt | Mods aktiviert mit korrekter Priority
Erweiterung der KeyHelp Debug/Test-Möglichkeiten
Der Datenbank Zugriff für priviligierten Datenbank Benutzer läuft nun nicht mehr über den root Account, KeyHelp unterhält nun einen eigenen privilegierten DB-Nutzer
Vereinheitlichung der KeyHelp Datenbank Struktur / Entfernung nicht mehr benötigter Einträge
Refaktorierung der KeyHelp Code-Basis / Anpassung der Ordnerstruktur
Sicherheitsverbesserung, durch Änderung der Zugriffsrechte auf diverse sensible Systemdateien
Verwaltung des Mastercronjobs erfolgt nicht mehr über die root crontab, sondern über eigene Datei
Namens-/Strukturänderung von diverser durch KeyHelp angelegten Systemconfig-Dateien
Für bessere Trennung zwischen Server-Administrator und KeyHelp wird es nun durch einen eigenen Benutzer ('keyhelp') verwaltet, nicht mehr i.d.R. durch 'admin'
Neue KeyHelp vhost Konfiguration
jQuery Update auf 1.11.3
Support für internationale/Sonderzeichen/Umlauten-beinhaltende TLDs

Fixes / Imperfections

Einrichtungsdatum wurde nicht bei per API angelegten Nutzern gespeichert
Beim 'erzwungenen' Aufruf des Mastercronjobs mit unbekanntem Skriptnamen, wurden PHP-Warnungen ausgegeben
Beim Bearbeiten von FTP-accounts wurde in der entsprechenden Maske statt des korrekten Pfads nur '/www/' angezeigt
Bei Speicherung der Roundcube Plugin Einstellungen konnte auch ein falsch formatierter String gespeichert werden.
Bislang zwar Razor/Pyzor installiert, aber Konfiguration wurde nicht ausgeführt
Roundcube erstellte keine IMAP-Standardordner (was Funktionalität von Roundcube einschränkt), Konfiguration aktualisiert
Die Shell von Benutzern (ohne SSH-Zugang) wurde nicht korrekt gesetzt
Es war möglich, Administratoren anzulegen, ohne einen Benutzernamen anzugeben
Fehlerhafte Dovecot Konfiguration behoben (iterate/mailquota), Mailquota konnte somit nicht korrekt ausgelesen werden (u.A. von Roundcube)
Domainvalidierungs-Bug in interner API gefixt
Internationale Domainnamen (mit Sonderzeichen/Umlauten o.Ä.) UND einen Minus wurden nicht korrekt validiert
Korrektur der Sortierungsreihenfolge der Elemente beim Benutzer-Bearbeiten
Bugfix für Apache-Bug (2.2/2.4), in mime.conf: Verwendung von 'AddOutputFilter' ohne 'IfModule'-Directive, kann zahlreichen Einträgen im Error-Log führen
Bugfix für Neu-Installationen ab KeyHelp 14.4.1, Webstatistiken wurden nicht korrekt angelegt

14.4.1 26 May 2015

14.4.0 06 May 2015

Uncategorized

Adminbereich | Neues Feature: Whitelabel
Adminbereich | Es können nun Notizen zu Benutzer hinzufügen werden, die auf Benutzeraccounts und Domainübersichtsseite einsehbar sind
Userbereich | Neues Feature: Passwortschutz für Verzeichnisse
Usability / Übersichtlichkeit verbessert

Syntax Highlighting für Code-Eingabefelder hinzugefügt
Bei Domainübersicht kann man nun direkt in den Account des Benutzer springen bzw. ihn bearbeiten
Übersicht der Index-Tabellen verbessert
Bei Benutzeraccounts / Domainübersicht kann man nun die Tabellenspalten sortieren
Bei Verwendung des Verzeichnisexplorers erfolgt eine Warnung, sobald man das im Explorer gewählte Verzeichnis nicht übernommen hat

Man kann nun diverse Einstellungen des Webmailers Roundcube über KeyHelp anpassen (z.B. Plugins via KeyHelp aktivieren / deaktivieren)
Lizenzsystem implementiert
Adminbereich > SSL-Zertifikate | Beim Update eines bestehenden und in Verwendung befindlichen Zertifikats wurden die Webservereinstellungen nicht erneut eingelesen
Adminbereich > Panel Einstellungen | Das Ändern der KeyHelp-Standardsprache wurde nicht korrekt gespeichert
Adminbereich > Benutzeraccounts | Popups beim Mouse-over über '(?)' klappen nun nach oben auf, wenn am unteren Bildschirmrand kein Platz mehr sein sollte
Adminbereich > Domains | Domains, die für Weiterleitungen (via Apache-vhost) genutzt wurden konnten nicht deaktiviert werden
Adminbereich > Domains | Bei Domains, die für Weiterleitungen (via Apache-vhost) genutzt und mit SSL gesichert sein sollten wurde lediglich der vhost-Container für Port 80 angelegt
Adminbereich > Servermeldungen | Fehler behoben, der dazu führte das Benutzer, die ohne E-Mailadresse (im Benutzerprofil) angelegt wurden beim Anlegen eines E-Mailkontos via KeyHelp Fehlermeldungen in den 'Servermeldungen' produzierten
Admin/Benutzerbreich > Domains | Man konnte keine Subdomains für Umlautdomains anlegen
Benutzerbereich > Domains | Wenn man als 'Ziel' der Domain ein externes Ziel wählt, wurde dies nicht korrekt validiert
Benutzerbereich > E-Mail anlegen | Umlautdomains wurden im Dropdownfeld in Punycode angezeigt, statt in utf-8
Benutzerbereich | Subdomain anlegen | Umlautdomains wurden im Dropdownfeld in Punycode angezeigt, statt in utf-8
Intern | Fehler in interner API korrigiert ('invalid request method')
Intern | KeyHelp-Demo Sicherheitsmaßnahmen verschärft
Die Tools (PhpMyAdmin / Roundcube) lassen sich nun auch ohne abschließenden '/' in der URL aufrufen
Roundcube | Fehler im Autologin-Plugin behoben
Update | jQuery auf v1.11.2
Update | PHPMailer auf v5.2.9
Stylesheet des 'default' Templates verbessert (25% kleiner)
Schriftarten vereinheitlicht
Interne Performanceverbesserungen am Code
UTF-8 als 'default_charset' in den PHP-Einstellungen festgelegt ('php5dismod charset' zum deaktivieren)
Änderung | Deaktivierte Domains leiten nun nicht mehr zum KeyHelp Login um, sondern zur 'Diese Domain ist nicht verfügbar' - Seite
Änderung | Menüpunkt im Adminmenu 'KeyHelp' heißt jetzt 'Panel Einstellungen'
Diverse Rechtschreibfehler beseitigt, irreführende Textstellen geändert, fehlende Übersetzungen ergänzt
Änderung der internen Ordner/Datei Struktur
Absicherung der KeyHelp Installation gegen 'include attacks'
Änderungen im KeyHelp vhost-Container

14.3.1 20 January 2015

Uncategorized

Erweiterte Serverinformationen ('Übersicht'-Startseite)
News-System zur Information über kommende Updates u.Ä. ('Übersicht'-Startseite)
Benutzernamen sind nun anklickbar und führen zum Direktlogin als gewählter User ('Benutzeraccounts'-Seite)
Alphabetische Sortierung von Usernamen und Domainnamen statt nach Anlegedatum ('Domain anlegen'-Seite)
[BUGFIX] MySQL Fehler bei Suche nach nicht vorhandenen Domains behoben ('Benutzeraccounts'-Seite)
[BUGFIX] Anzeigeprobleme von Icons behoben ('E-Mailvorlage anlegen'-Seite)
Max. Script-Ausführzeit des KeyHelp, PhpMyAdmin, Roundcube vHost-Containers auf 120 Sekunden erhöht
[keyhelp] Fehlende Textstellen in russischer Übersetzung ergänzt
[keyhelp] Erweiterung der internen API (KeyPages ready)
[keyhelp] Sessions IPv6 ready
[keyhelp] Regelmaßige Backups der internen Datenbanken (keyhelp, phpmyadmin, roundcube)
[keyhelp] Pre-Update Backups befinden sich nun außerhalb des www-Ordners
[ftp] Neue PassivPorts Range
[ftp] Wiederaufnahme von Uploads/Downloads bei Verbindungsunterbrechung möglich
[postfix] Konfiguration bereinigt
[postfix - SPAMSCHUTZ] Hinzufügen von Mail-Header Checks, zur Blockierung von Backscatter Mails
[postfix - SICHERHEIT] Aktivierung von Perfect Forward Secrecy (PFS)
[postfix - SICHERHEIT] Verwendung von TLS für ausgehende E-Mails
[phpmyadmin] Korrekte Leserechte für config Datei gesetzt
[roundcube] Versionsupdate auf 1.0.4
[roundcube] Änderung von E-Mail-Postfach Passwörtern nun direkt im Webmailer möglich
[roundcube] Korrekte Leserechte für config Datei gesetzt
[roundcube - SICHERHEIT]] Zum Versenden von Mails via Roundcube wird nun TLS verwendet
[webserver - SICHERHEIT] Verbesserungen der SSLCipherSuite der Apache-Config zum Schutz vor Poodle
[spamassassin - SPAMSCHUTZ] Cronjob für regelmäßige Updates der Filterregeln aktiviert

14.3.0 02 December 2014

Uncategorized

[NEU] Apache Server-Status ist nun über die Weboberfläche einsehbar
[NEU] Link zum KeyHelp-Changelog nun durchgängig auf Administrator Startseite sichtbar
[NEU] Administratoren können nun die index.html / index.php, die im Userordner automatisch angelegt wird editieren
[NEU] Beim Domainanlegen kann nun festgelegt werden, ob automatisch von http auf https umgeleitet werden soll, oder nicht
[NEU] Als Referenz für das Editieren von E-Mail-Vorlagen kann nun die (interne) Standard E-Mail geladen werden
[NEU] Temporäre Ordner können nun als RAM-Disk angelegt werden, die Scriptausführung in diesen Ordnern kann verhindert werden (Erhöhte Sicherheit durch Schadscripte)
[ÄNDERUNG] Diverse Änderungen an Apache-KeyHelp-vHost Datei
[BUGFIX] Korrektur von fehlerhafter Darstellung des Tilde Zeichens in Textareas (unter Windows)
[BUGFIX] Apache Alias des KeyHelp php-fastcgi war von Userdomains aus erreichbar
[NEU] Es können nun Catch-All E-Mail-Postfächer angelegt werden
[NEU] Verbindungsinformationen für E-Mail und FTP werden auf den entsprechenden Übersichtsseiten angezeigt
[BUGFIX] Falsche Dateirechte der automatisch erzeugten index.html korrigiert
[BUGFIX] Der /logs/ Ordner war nicht durch den Benutzer einsehbar - falsche Dateirechte korrigiert
[BUGFIX] Die Statistiken wurden immer auf Deutsch erstellt, auch wenn eine andere Sprache im Benutzerprofil hinterlegt war
[SICHERHEIT] Support für Apache Perfect Forward Secrecy
[SICHERHEIT] Fix für POODLE Sicherheitslücke für Apache / Postfix / Dovecot / FTP
[SICHERHEIT] Support für Apache HTTP Strict Transport Security (muss manuell aktiviert werden)
[NEU] KeyHelp ist nun auch auf Russisch verfügbar
[NEU] Sollte der Apache-Webserver einmal abstürzen, wird der Dienst automatisch wieder neu gesartet.
[NEU] Support für eigene Dovecot Konfigurationsdateien
[NEU] Hinzufügen einer robots.txt um Indexieren des KeyHelp-Logins durch Suchmaschinen zu verhindern
[NEU] Sofern nicht bereits geschehen, Installation von fail2ban
[Änderung] Die Tools (phpmyadmin / webmail) sind jetzt über <serverdomain>/phpmyadmin/ bzw. <serverdomain>/webmail/ erreichbar und nicht mehr über eine Subdomain (Ermöglicht SSL-Sicherung ohne Wildcard Zertifikat)
[Änderung] Diverse Änderungen an interner API
[Änderung] Diverse optische Verbesserungen / Änderungen im Template
[Änderung] Performancesteigerung durch effizienteres Caching und Umgestaltung der Sprachdateien
[Änderung] Diverse Korrekturen an den Sprachdateien
[Änderung] Diverse Vorbereitungen für Einführung der Whitelabelfunktion in einem kommenden Update
[Änderung] Support für sprachspezifische Handbücher

14.2.1 27 August 2014

14.2.0 26 August 2014

Uncategorized

[NEU] Serverdienste können nun verwaltet werden (aktueller Status, starten, stoppen, neu starten)
[NEU] Bei Änderung der Zugangsdaten durch einen Administrator, können diese dem Nutzer nun automatisch per Mail geschickt werden [bei Benutzeraccounts >> Benutzer Bearbeiten]
[NEU] Neues E-Mail-Template für Änderung des Nutzerpassworts durch einen Administrator
[NEU] Zusätzliche Benutzerinformationen lassen sich nun auf der Benutzerübersichtsseite einfach aufrufen [Allgemein >> Benutzeraccounts >> (?) ]
[NEU] Man kann nun die auf der Benutzerübersichtsseite angezeigten Benutzer filtern - nach Benutzername / Kontaktname / Domain [Allgemein >> Benutzeraccounts ]
[NEU] Wahlweise Backup über KeyDisc oder geeignetem anderen Speicher möglich
[NEU] Für jeden Benutzer können nun eigene PHP & PHP-FPM Einstellungen gesetzt werden
[NEU] Account-Vorlagen wurden um die Punkte PHP & PHP-FPM Einstellungen erweitert
[NEU] Cronjob hinzugefügt, der das Löschen von alten Session-Dateien im Usereigenen tmp/ Ordner übernimmt
[NEU] KeyHelp ist nun auf Englisch verfügbar
[ÄNDERUNG] Optimierung der Domainsuche [Allgemein >> Domains]
[BUGFIX] Im DNS Editor konnte kein CNAME - Record angelegt werden
[BUGFIX] nach Editieren einer Domain durch den Administrator wurde ein eventuell vom Nutzer zugewiesenes Ziel wieder durch den Benutzer-www-Ordner ersetzt
[BUGFIX] (betrifft Installationen ab 14.1.0) dem Administrator wurden keine 'SuperAdmin' rechte eingeräumt, das hinzufügen weiterer Admins war somit nicht möglich
[BUGFIX] (betrifft Installationen ab 14.1.0) Aktualisierung der Intervalleinstellung von Serverupdates
[NEU] Verzeichnisexplorer: Anstatt eines Dropdownfelds kann nun das eigene Benutzerverzeichnis durchsucht werden um ein Homeverzeichnis für einen FTP-User oder ein Domain-Zielordner auszuwählen
[AKTUALISIERUNG] Verbesserung der Sortiertung von E-Mailadressen in der E-Mail Adressen Übersicht
[NEU] Support für sprachspezifische Bilder
[NEU] Unterstützung für .cgi scripte über fcgid
[AKTUALISIERUNG] Roundcube (Webmail) auf neue Version 1.0.2 aktualisiert
[AKTUALISIERUNG] PhpMyAdmin auf neue Version 4.2.7.1 aktualisiert
[AKTUALISIERUNG] jquery auf neue Version 1.11.1 aktualisiert
[AKTUALISIERUNG] interne Komponente zum E-Mailversand
[AKTUALISIERUNG] Kernel
[AKTUALISIERUNG] Als 'Depricated' eingestufte PHP-Kommentare beginnend mit '#' aus den PHP5-FPM-Pool-Dateien ersetzt
[ÄNDERUNG] Diverse visuelle / performance Verbesserungen
[ÄNDERUNG] Diverse Sicherheitsverbesserungen
[ÄNDERUNG] Seit Chrome 34 werden Formular Felder IMMER automatisch ausgefüllt -> bei einem Administrationspanel ist das jedoch kontraproduktiv -> Verhinderung des Ausfüllens
[ÄNDERUNG] Performancesteigerung MySQL Datenbank
[ÄNDERUNG] Bei Userdomains keine A Records mehr für Nameserver
[ÄNDERUNG] Benutzerhandbuch aktualisiert
[ÄNDERUNG] Diverse Usability Verbesserungen
[BUGFIX] Webstatistiken wurden während des Panelupdates nicht korrekt übernommen
[BUGFIX] Rechtschreibfehler / fehlende Übersetzung in deutscher Sprachdatei korrigiert
[BUGFIX] FTP-Server konnte ggf. nicht mehr starten, nachdem in 'SSL-Zertifikate' festgelegte Serverzertifikate neu eingelesen wurden
[BUGFIX] Im Zuge der SSL Umstellung im letzten Update konnte das Panel beim Aufruf über die IP-Adresse OHNE https nicht mehr erreicht werden
[BUGFIX] Bei Verwendung des Internet Explorers konnte es vorkommen, das einige Buttons nicht korrekt funktionierten (insbesondere die 'Zurück zur Übersicht' - Buttons).

14.1.0 08 July 2014

Uncategorized

[NEU] SSL-Zertifikate können nun über KeyHelp verwaltet werden. Domains, sowie Server-Dienste (KeyHelp, E-Mail, FTP) können somit geschützt werden.
[NEU] Update der Domainübersicht -> per SSL geschützte Domains werden entsprechend angezeigt.
[NEU] Beim Anlegen von neuen Usern können nun Kontaktdaten hinterlegt werden (Name, Vorname, Firma).
[NEU] Es können nun zusätzliche Administratoren angelegt und verwaltet werden.
[NEU] Hilfe zu den verschiedenen Record-Typen hinzugefügt (bei DNS-Editor).
[NEU] Cronjob hinzugefügt, der automatisch Serverupdates einspielt (apt-get update / upgrade)
[Änderung] 'Ja, ich bin sicher'-Checkbox beim Löschen von Account-Template & E-Mail-Template nicht mehr vorselektiert.
[Änderung] Die Änderung des eigenen KeyHelp-Passworts über 'Mein-Account' ist nur noch mit Hilfe des aktuellen Passworts möglich.
[BUGFIX] Benutzernamen mit Bindestrich konnten zu Problemen beim Anlegen von MySQL Datenbanken führen.
[Änderung] Benutzer-Default-index.php geändert (bei per SSL geschützten Seiten, meldeten moderne Browser Fehler 'unsicherer Inhalt über http geladen - statt https'
[Änderung] Benutzer-Handbuch aktualisiert
[NEU] Ergänzende Funktionalität beim Anlegen von Usern über die API
[ÄNDERUNG] diverse visuelle Verbesserungen
[ÄNDERUNG] DNS: Angelegte Domains erhalten nur noch eine IP Adresse zugewiesen (nicht mehr zwei, sofern vorhanden)
[BUGFIX] Fehler im Installationscript behoben (Apache Konfiguration gab falsches Feedback zurück)
[BUGFIX] ggf. auftretende DNS-Query Fehler beseitigt

14.0.0 28 May 2014