KeyHelp Changelog Viewer

KeyHelp PHP Interpreter Applications Changelog (One-Click Installer) Operating System Scripts Expand records
24.0 07 February 2024

New Features / Added Content

  • Added domain owner transfer feature
  • Added notification webhook feature (each time a notification event occurs, event-relevant data is sent to a webhook URL, where it can be processed further)
  • Added traffic statistics for domains

Improvements / Changes

  • Improved the domain creation process by suggesting directories for the domain home directory
  • Added a new URL for accessing the database administration tool 'https://<DOMAIN>/db'
  • Enhanced the 'keyhelp_login_data' on new installations by adding access URL and IP to the database section, similar to the KeyHelp section
  • Updated the Apache error log parser (e.g. on web server protocols) to work with servers that use “remote” instead of “client” in the Apache error log
  • Improved the 'Login as this user' feature as it now preserves the administrator's theme mode regardless of what theme mode the client is using
  • Improved the user experience when switching to dark/normal mode - it now stays on the same page where it was triggered and no longer jumps back to the last main page
  • Revamped the Message of the Day (MotD) feature
    • Made MotD consistent for Debian and Ubuntu systems
    • Improved the way the MotD is generated
    • Enabled the display of IPv6 addresses
    • Made MotD script configurable (white-label, link a custom login file, decide which login URLs / IPs to display)
    • Implemented two different views, one for root SSH access and one for client SSH access (hide login file on client access)
  • Updated the ionCube Loader to version 13.0.2
  • Updated the SourceGuardian to version 14.0.2 / 14.0.3
  • Cleaned up and improved the database structure of the KeyHelp database
    • Changed charset from utf8mb3 to utf8mb4
    • Changed collation from utf8mb3_general_ci to utf8mb4_unicode_ci
    • Added relations / improved cascade design for various tables
    • Adjusted the lengths of database fields for various tables
    • As a side effect, you will now be able to use emojis in inputs fields 😉👍
  • Extended the start of anonymization for event log records from 48 hours to 14 days
  • Hardened calls to system commands (e.g. exec) to handle incorrectly set locales that could lead to non-English system responses and potential command output parser errors
  • Updated the HTTP headers KeyHelp is sending to no longer reveal the web server it is using (only for KeyHelp Web UI)
  • Improved screen space usage for screen widths between 769 - 1408px on various pages
  • Improved the wording on various pages to avoid vertical scrolling
  • Increased the width of all input pages and therefore improved visual appearances on wider screen resolutions
  • Moved the default language option out of the language configuration page table, saving horizontal space and making it easier to find
  • Added the 'Login as this user' feature to the TLS/SSL certificates page
  • Added a link from the AWStats configuration page to the data privacy page
  • Added an option to let AWStats determine visitor origin countries and hostnames instead of IPs
  • The option 'Configuration -> FTP-Server -> Allow only SSL/TLS protected connections' is now set to true by default on new installations
  • Added a note to the 'Server reboot' page when backup operations are still running
  • Added UI elements to the web server configuration page to reset web server ports settings to default
  • Updated the Apache log format section on the web server configuration page
  • Added UI elements to the web server configuration page to reset Apache log format settings to default
  • Ensured AWStats can now work with a custom Apache log format
  • Ensured the web server protocols page can now work with a custom Apache log format
  • Removed the ability to use email aliases with a different domain name than the email account address; During the update, existing aliases with a different domain became detached email forwarding accounts to the address of the email account
  • Backup system
    • Added progress status to restore operations
    • Improved CLI backup status reports
    • Improved the process handling of backup processes to be more flexible and easier to use, also fixed some minor issues
    • Improved the visibility of the provided example configurations for custom backup storages
    • When still using the old/outdated backup system, its email notifications are not issuing the status 'Warning' even on successful operations; Note, the old/outdated backup management is marked as deprecated
    • When still using the old/outdated backup system a warning notification is displayed on the KeyHelp dashboard; Note, the old/outdated backup management is marked as deprecated
    • Improved the description texts on the backup management selection page
    • Added an email notification when backup operations pile up (indicating a possible issue with the backup system)
  • Enabled logging of failed authentication attempts in SnappyMail to syslog
  • Fail2Ban
    • Implemented a jail for SnappyMail failed authentication attempts in /etc/fail2ban/jail.d/keyhelp.local (only for new installations or dist-upgrades - see /install/templates/fail2ban/jail.d/keyhelp.local for a template to update your server accordingly)
    • Implemented a jail for MariaDB (if remote access is enabled) failed authentication attempts in /etc/fail2ban/jail.d/keyhelp.local (only for new installations or dist-upgrades - see /install/templates/fail2ban/jail.d/keyhelp.local for a template to update your server accordingly; Debian 10 and Ubuntu 20 may need to update /etc/mysql/maria.conf.d/50-server.cnf and comment out the log_error = line to make this work)
    • Shortened the name all KeyHelp implemented Fail2ban jails (e.g. keyhelp-apache -> kh-apache)
    • Renamed the jail kh-proftpd to kh-ftp
    • Ensured that the required libraries 'python3-pyinotify' and 'python3-systemd' for fail2ban are installed
    • Added an alternative path to the fail2ban-client binary to the KeyHelp's sudoers configuration file
  • Debian 12 / Rspamd
    • Ensured the spam learn cronjob is enabled/disabled according to the settings made within the KeyHelp UI (when dist-upgrade was performed between 1st and 7th November, it may not be enabled)
    • Cleaned up the system for outdated / no longer needed content in /var/spool/spamassassin/
    • Cleaned up the /etc/postfix/ for outdated / no longer needed Amavis configuration directives
    • Rebuilt the directory structure within /var/lib/rspamd/ for future Rspamd extensions
    • Fixed Rspamd's case-sensitive DKIM lookups
    • Reworked the method of securing the Rspamd web interface
      • The interface is now password protected but also allows autologin when being logged into KeyHelp
      • You have to set an initial password in order to use the web interface
      • Allows a much quicker access to the web interface
      • The Rspamd service no longer needs to reboot
      • The new method is much more secure (especially in shared IP environments)
      • Removed code complexity and maintenance
      • The Rspamd web interface can now be accessed without the need to log into KeyHelp first
      • Added a note and link to the Rspamd external web interface
    • Re-enabled email address black-/whitelist for Rspamd; On dist-upgraded systems: Your old black-/whitelist settings from before the dist-upgrade are reactivated automatically in the course of the update
    • Added an option to decide whether blacklisted email addresses should be tagged as spam or rejected
  • Improved the user interface on the email server configuration page
  • Updated the way CPU information are collected
  • Hides the CPU clock speed, if it could not be correctly determined
  • Added a fallback for processors whose processor label could not be correctly determined
  • Stopped loading vendor image if CPU vendor could not be correctly determined, resulting in a cleaner look of the dashboard
  • Added convenient functions to access the processor and core labels
  • Updated headlines and descriptions for maintenance intervals to make them more uniform and easier to understand
  • Ensured 'file' is installed for new installations (used for file manager)
  • Improved the parsing of the mail queue
    • Improved speed of the mail queue parsing by a factor of up to 200
    • If an email in the queue has more than one recipient, you can now see the addresses of other recipients, not just one
    • You can see the total number of recipients an email has
    • Improved the help section of the mail queue page
    • Improved formatting of large mail queue count numbers
    • The warning threshold for numerous emails in the queue has been reduced to 200 (previously 500)
    • The warning message is now more visible and more consistent to the rest of the KeyHelp UI
    • Added an email notification that triggers when the amount of emails in the queue reaches the warning threshold
  • Improved the user experience when using the password input fields while having caps lock enabled
  • Moved the login notification checkbox from dashboard to profile settings
  • Enabled login notifications feature also for administrators
  • Added the option to specify logos for Roundcube when it runs in dark mode (Configuration -> Webmail)
  • Installed PHP extension gmp
  • Updated the white label feature
    • Added the option to specify logos for the KeyHelp user interface when KeyHelp runs in dark mode
    • Removed the custom 'Product name' option and replaced with 'Replaces occurrences of KeyHelp with the neutral Control Panel' option
    • Updated the general white label user interface
    • Updated the current 'Hidden contents' section to 'User interface settings' section
    • Updated internal names, storage locations, etc. of the elements stored within the white label settings
  • Updated the CLI badges for error/important messages to be no longer localized (by default), as this results in an inconsistent message output
  • Added option to clear a mailbox, if it is a forwarding account and consumes above 1 MB disk space
  • The disk space consumption of a forwarding mailbox is now already displayed when the mailbox consumes more than 1 MB
  • Updates the visuals on the mailbox consumption for a forwarding mailbox to save horizontal space
  • Improved the texts for DNS blacklist/whitelist labels to minimize confusion
  • Updated the notes on the user privileges settings
  • Updated the redirect target when submitting the 'Email notification -> General settings' form to be more logical
  • Improved warning message in the extended installation log
  • Improved various user interface texts and wordings in the English and German base language to be more consistent, easier to read and to comprehend
  • Improved consistency of multiple email notification texts and subject lines
  • Updated the KeyHelp cronjobs to use /bin/bash instead of /bin/sh for keyhelp, keyhelp-firewall, keyhelp-monitoring, keyhelp-rspamd-learn, and keyhelp-sa-learn
  • Updated various string structures for event log records
  • Protected the postfix email server (MTA) against email smuggling
    • Debian 10: Uses the short-term workarounds suggested by postfix
    • Debian 11: Uses the long-term fix suggested by postfix
    • Debian 12: Uses the long-term fix suggested by postfix
    • Ubuntu 20: Uses the short-term workarounds suggested by postfix
    • Ubuntu 22: Uses the short-term workarounds suggested by postfix
  • Improved database stability when performing long-running tasks (like Backups) on Systems >= Ubuntu 22 & Debian 12
  • Improved error handling on database startup errors on Systems >= Ubuntu 22 & Debian 12
  • Used 'System (root)' consistently for all occurrences where resources do not belong to a certain user, but instead belong to the system / the administrators (e.g. SSL/TLS certificates, Bulk operations, Scheduled tasks)
  • Reduced the number of translations required due to word streamlining and reassignment of strings within the .po files
  • Reduced possible confusion about which maintenance interval task belongs to which configuration page by adding additional help texts

API Changes

  • Updated the endpoints '[GET] /domains' and '[GET] /clients/{id}/resources' to now return the traffic accumulated in the current month for the corresponding domain
  • Fixed the misspelled 'aliases' and 'aliases_utf8' fields on the endpoint '/emails' - the old misspelled fields 'aliasses' and 'aliasses_utf8' are marked as deprecated and should no longer be used
  • Fixed some spelling mistakes in API documentation
  • Prevented adding email aliases with a different domain than the domain of the email account
  • Provided the API definition file now also in JSON format under /api/openapi.json
  • Increased API version to 2.8

Tool Updates

  • Roundcube 1.6.6
  • SnappyMail 2.33.0
  • Restic 0.16.3
  • Rclone 1.65.2

Vendor Library Updates

  • Font Awesome 6.5.1
  • Chart.js 4.4.1
  • Twig 3.8.0
  • CodeMirror 5.65.16
  • PHPMailer 6.9.1
  • phpseclib 2.0.46
  • TinyMCE 6.8.2
  • symfony/yaml 5.4.35
  • symfony/polyfill-php80 1.28.0
  • monolog/monolog 2.9.2


  • Updated Arabic (100%) | Thanks to Mohammed Al Shamlan
  • Updated Brazilian Portuguese (100%) | Thanks to Rogério Borba
  • Updated Catalan (100%) | Thanks to Otmar Schuster
  • Updated Dutch (100%) | Thanks to Bas Heijermans
  • Updated English (100%)
  • Updated French (100%) | Thanks to Chris Mehl
  • Updated German (100%)
  • Updated Hungarian (100%) | Thanks to Madarász László
  • Updated Italian (100%) | Thanks to Alessandro Daniele
  • Updated Norwegian (100%) | Thanks to Eirik Sikveland
  • Updated Polish (96%) | Thanks to Grafidea
  • Updated Russian (73%) | Thanks to Vladimir Alferov
  • Updated Spanish (100%) | Thanks to Otmar Schuster
  • Updated Swedish (100%) | Thanks to Marwin Gripenfrost
  • Updated Turkish (100%) | Thanks to Serkan Türkkan

Fixes / Imperfections

  • Fixed an issue where the client's theme was updated instead of the admin's when an admin logged in as a client and changed the theme mode
  • Fixed an issue where the date format of the KeyHelp database and data backup during a KeyHelp update used an incorrect date format
  • Fixed an issue when using the 'Bulk Operations -> Updating the PHP version of domains and scheduled tasks' where the default PHP version may not get listed in the 'Current PHP version' dropdown
  • Fixed an email error notification during the spam learning cronjob when no email account exists on the server
  • Fixed an issue where determining the size of the email queue on the admin dashboard could be too slow when having a large mail queue and preventing the login into KeyHelp
  • Fixed an issue where the server clock displayed visitors local time instead of the server time
  • Fixed an error on certificate management page with certificates having a duplicate CommonName property
  • Fixed some incorrect redirect targets within the KeyHelp UI where the user may have been redirected to the wrong page in case of some edge-case errors
  • Fixed issues on systems with incorrectly set locale settings and the parsing of various system commands (e.g. swap may not be correctly determined, monitoring may not work properly)
  • Fixed a PHP notice that may occur during file upload: Trying to access array offset on value of type null” in /home/keyhelp/www/keyhelp/pages/client_file_manager.php on line 450
  • Fixed a PHP deprecation warning: preg_replace(): Passing null to parameter #3 ($subject) of type array|string is deprecated in /home/keyhelp/www/keyhelp/core/pending/File.php on line 244
  • Fixed a PHP deprecated warning when creating a Dropbox backup repository: trim(): Passing null to parameter #1 ($string) of type string is deprecated in /home/keyhelp/www/keyhelp/core/Backup/Storage/BackupStorageConfig/BackupStorageConfigDropbox.php on line 110
  • Debian 12 / PHP 8.2 | Fixed a PHP deprecation warning: Creation of dynamic property QRencode::$cmyk is deprecated in /home/keyhelp/www/keyhelp/vendor/phpqrcode/phpqrcode.php on line 3266
  • Debian 12 / PHP 8.2 | Fixed a PHP deprecation warning: Creation of dynamic property PwnedChecker::$numberOfDataBreaches is deprecated in /home/keyhelp/www/keyhelp/core/Security/PwnedChecker.php on line 90
  • Debian 12 | Fixed that OpenDKIM was installed (OpenDKIM is not needed on Debian 12)
  • Fixed an issue where the labels of the unban button did not match the modal window texts on the Fail2ban management page
  • Fixed some issues regarding backups being stopped during execution without an error message


  • Unified PHP package list installed from the pre-installer and the main install routine
  • Removed unnecessary duplicate Dovecot configuration checks
  • Adjusted the character input limits in the input field for FTP username
  • Adjusted the character input length in the input fields for database name & database username
  • Updated Easter eggs
  • Updated code structure by updating the association of functions to their corresponding files
  • Enhanced debug capabilities when KeyHelp is installed/running with debug mode
  • Updated Debian 12 to be capable of running in full debug mode (dev-server only)
  • Updated debug panel appearance
  • Changed the CLI badge label for an important message from 'Important' to 'Attention'
  • Added more features to help designing KeyHelp's configuration pages
  • Updated method on how Roundcube custom logo will be configured
  • Updated the way the Apache default log format is handled
  • Renamed various internal components to make them universal/independent of the software installed on the server
  • Updated database tables 'mail_users' and 'mail_aliases'
    • Renamed table to 'mail_aliases' to 'mail_routing'
    • Removed unnecessary fields from 'mail_routing' ('id_user', 'id_domain') and updated code accordingly
    • Updated column structure and order within the 'mail_users' table
  • Refactorings (performance improvement, implementation of new features, use of modern language features, streamlining, increased flexibility etc.)
    • Refactored Backup restore & process handling
    • Refactored Events class
    • Refactored BasicEnum class
    • Refactored BasicStorage & its derived classes
    • Refactored FileAccess class
    • Refactored FileTypeCategory class
    • Refactored ServerEmailAliases class
    • Refactored Curl class
    • Refactored Cloudflare class
23.2.1 30 October 2023
23.2 28 September 2023
23.1.1 09 May 2023
23.1 04 May 2023
23.0 19 January 2023
22.2 07 September 2022
22.1.1 18 July 2022
22.1 13 July 2022
22.0.1 03 June 2022
22.0 24 March 2022
21.3 14 December 2021
21.2 14 September 2021
21.1 12 July 2021
21.0 16 March 2021
20.3.2 01 February 2021
20.3.1 03 November 2020
20.3 28 October 2020
20.2 30 July 2020
20.1 19 May 2020
20.0 18 February 2020
19.3.1 05 November 2019
19.3 29 October 2019
19.2.1 24 July 2019
19.2 16 July 2019
19.1 06 May 2019
19.0.1 03 April 2019
19.0 04 March 2019
18.2.1 20 December 2018
18.2 05 December 2018
18.1.1 11 June 2018
18.1 16 May 2018
18.0 12 March 2018
17.2.1 21 November 2017
17.2 14 November 2017
17.1.2 03 August 2017
17.1.1 02 August 2018
17.1 24 July 2017
17.0.0 03 April 2017
14.7.2 29 November 2016
14.7.1 12 October 2016
14.7.0 23 August 2016
14.6.4 29 June 2016
14.6.3 25 May 2016
14.6.2 29 April 2016
14.6.1 21 March 2016
14.6.0 29 February 2016
14.5.3 25 January 2016
14.5.2 07 December 2015
14.5.1 14 October 2015
14.5.0 15 September 2015
14.4.1 26 May 2015
14.4.0 06 May 2015
14.3.1 20 January 2015
14.3.0 02 December 2014
14.2.1 27 August 2014
14.2.0 26 August 2014
14.1.0 08 July 2014
14.0.0 28 May 2014