VladPolskiy/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2025-08-01 15:36:00 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
843b7a6cc378dfe7976d3023b81380e679e7a8f4
webmin/CHANGELOG
Kay Marquardt 5cab428142 credit for new developments
2018-03-07 09:36:30 +01:00

240 lines
17 KiB
Plaintext
Raw Blame History

---- Changes since 1.140 ----
Fixed a security hole that allowed any user to view the configuration of any module, even those that they should not have access to.
Fixed a security hole that could allow an attacker to lock valid users by sending a bogus username or password.
---- Changes since 1.150 ----
Updated the setup.sh script to use MD5 password encryption by default, on systems where Perl supports it.
Fixed a security hole in the maketemp.pl script, used to create the /tmp/.webmin directory at install time. If an un-trusted user creates this directory before Webmin is installed, he could create in it a symbolic link pointing to a critical file on the system, which would be overwritten when Webmin writes to the link filename (CVE bug CAN-2004-0559).
When PAM is used for Unix authentication, expired passwords are now detected and the user is prompted to select a new password (if this feature is enabled on the Webmin Configuration module).
Make all functions in ui-lib.pl themable, allowing themes to have more detailed control over modules that make use of this library.
Updated all modules to call ui_print_header instead of calling header and printing <hr>, so that themes can avoid the <hr>. Also updated the MSC theme to do this.
---- Changes since 1.160 ----
Added support for Solaris 10.
Included several additional translations for various languages and modules.
Added support for config- files that allow a range of OS version numbers, and used this to reduce the number of standard config files.
---- Changes since 1.170 ----
When installing a module from the command line, by it will be granted to the same users who receive new modules when Webmin is upgraded. By default, this is root and admin.
Added basic support for multiple root directories, so that Webmin modules can be separated into core and third-party on the filesystem.
When installing or upgrading Webmin, password timeouts are now enabled by default. This protects against brute-force password guessing attacks.
---- Changes since 1.180 ----
All subheadings have been reduced in size when using the default MSC theme.
All modules now use a new API for writing to configuration files, which ensures that the file does not get written to or truncated if the system is out of disk space.
---- Changes since 1.200 ----
On Solaris systems that support RBAC, available modules and access rights can now be derived from RBAC for selected users. This can be enabled on a per-user or per-module basic in the Webmin Users module.
---- Changes since 1.210 ----
Added a new Global ACL control option to limit a user to read-only mode. This does not yet support all modules, but in those that are supported any changes the user makes will simply not take effect.
Restarting of Webmin is now much faster in some modules that do not need a full configuration reload, due to the addition of a function that justs tells miniserv.pl to re-read its config file.
---- Changes since 1.220 ----
Added basic support for running Webmin on Windows system with ActiveState Perl installed. The new setup.pl install script must be used, as the setup.sh shell script cannot run on Windows.
Fixed a bug that could allow a remote attack if the option to use full PAM conversations is enabled.
Improved the Webmin RPM to not lose the /etc/webmin directory when upgrading from an RPM by another vendor (like Mandrake or DAG).
---- Changes since 1.230 ----
Replaced all calls to the crypt() function with new code that will use the Crypt::UnixCrypt Perl modules on systems for with crypt() is broken.
---- Changes since 1.240 ----
Fixed a possible security hole caused by a bug in Perl.
---- Changes since 1.260 ----
Proxy settings made in the Webmin Configuration module are passed on to programs Webmin calls via the http_proxy and ftp_proxy environment variables.
Added automatically created UTF-8 translations for simplified and traditional Chinese.
---- Changes since 1.270 ----
Updated almost all modules that use tables to use the new ui_columns functions. This allows themes to do highlighting when a row is moved over or selected.
Added a new 'Simple Blue' theme, which uses fewer images and does table row highlighting.
Changed the way that Webmin log diff files are stored, so that they are categorized by action and not all in one huge directory.
---- Changes since 1.280 ----
Fixed security holes that allow remote read access to any file on the server for which the path is known.
---- Changes since 1.290 ----
SELinux security contexts are preserved on files safely modified by Webmin's write-and-rename code.
Added xmlrpc.cgi program, which provides an XML-RPC interface to all Webmin module functions.
Tested and improved support for Fedora 5.
---- Changes since 1.300 ----
Fixed the rare bug about renaming the .webmintmp file.
---- Changes since 1.310 ----
Module configuration files can now be named based on the real operating system types, such as config-Ubuntu-Linux, which would be used in preference to config-debian-linux.
When a large file is uploaded, it is no longer read into memory by miniserv.pl.
Update the code that fetches mirror sites from Sourceforge, to handle their new website design.
Changed the default theme for all installs to the new framed blue theme.
Updated all rows of links (like select all, invert selection, add something) above tables to use a separator between links.
Added caching for sudo capable user checks, to avoid excessive slow calls to sudo.
Fixed a memory leak when running under ActiveState Perl on Windows.
---- Changes since 1.320 ----
Fixed XSS bugs in chooser.cgi.
If the operating system is upgraded after Webmin is installed, a button is displayed on the main page to update Webmin's view of the current OS.
Improved the tabs API to add an option to put a box around the visible tab, and whitespace around tabs.
If listening on all specified IP addresses fails, Webmin will fall back to accepting connections on any address.
All Module Config pages are now generating using new ui-lib.pl code, for easier theming.
Added a global access control option to set the Unix user the file browser lists directories as.
---- Changes since 1.330 ----
Added more ui-lib.pl functions for hidden page sections.
Fixed another XSS bug in chooser.cgi.
The Webmin function to get the system's hostname now reads a file instead of calling the hostname comment, which is faster.
Added an ACL option to the file chooser for additional directories to allow access to.
Changed the way sizes are displayed, to use a format like 1.32 GB or 8 kB.
Removed letter images (used by the old theme), and forced the standard header function to always use text titles.
Added support for Slam64 Linux.
---- Changes since 1.340 ----
Added Redhat Enterprise release 5 support.
Requests to the /unauthenticated URL can never execute CGI programs, to provide an extra layer of security against URL escaping attacks.
Fixed XSS bugs in pam_login.cgi.
---- Changes since 1.370 ----
Hid the Jabber and Security Sentries modules by default, as the underlying software is no longer supported.
On Linux systems, sped up the function for finding processes so that it no longer has to launch 'ps' - instead, it reads /proc directly.
When read_file_lines is used to read a file, the Unix or Windows newlines will be preserved when it is written out.
---- Changes since 1.380 ----
Added a search box to the left frame of the blue theme, for finding modules, config options, help pages and text.
All images, CSS and other static content served by Webmin has an HTTP Expires for 1 week in the future, to improve cachability.
Lock files are automatically removed when the process creating them exits.
NetBSD 4.0 support.
Italian and Catalan translations contributed for many modules, thanks to Giovanni and Jaume Badiella.
Changed the error message that appears when Webmin detects a link from another web page, and removed the button to allow the link (which was unreliable anyway).
---- Changes since 1.390 ----
Links from unknown referers are now blocked by default, to prevent XSS attacks. This may break browsers that don't supply a Referer: HTTP header.
---- Changes since 1.400 ----
Big Czech translation updates, thanks to Petr Vanek and the Czech translation team.
All popups in Webmin are now XSS-safe, and thus do not need protection from unknown referers which prevented them from working in some browsers.
All Webmin session IDs are now stored MD5 hashed, to prevent sessions from being captured if the sessiondb DBM is somehow read by an attacker.
Many Dutch updates, thanks to Gandyman.
MD5 encryption for Webmin and Unix passwords can be used on systems that have either the MD5 or Digest::MD5 perl module, or support it in the crypt() function.
---- Changes since 1.410 ----
Many Korean updates, thanks to JoungKyun Kim.
More Dutch updates, thanks to Gandyman.
Added a debugging log file, which records all files read and written, commands run and more. This can be enabled in the Webmin Configuration module.
---- Changes since 1.420 ----
Many Greek translation updates, thanks to Vagelis Koutsomitros.
Catalan translation updates by Jaume Badiella.
Many Dutch translation contributions by Gandyman.
---- Changes since 1.430 ----
A large Croatian translation update, thanks to Domagoj Bikic.
When a user whose password is close to expiry or has already expired logs in, a warning will be displayed on Webmin's first page.
Many Japanese translation updates, thanks to Kazuya Masuda.
---- Changes since 1.440 ----
Russian translation updates, thanks to Anton Statutov.
Webmin's serialization functions can now handle objects, which allows them to be passed as parameters to remote function calls. Both caller and recipient must have the object's class installed though.
Converted commands in the core web-lib-funcs.pl API file to POD format, and added more details about each function.
---- Changes since 1.450 ----
Added a language option for UK english, and converted words in the default Webmin language to US english.
Major Dutch translation updates, thanks to Gandyman.
Catalan translation updates by Jaume Badiella.
Converted all core modules to use the new WebminCore perl module instead of web-lib.pl. This significantly improves memory use and load time in code that uses functions from multiple modules, asssuming they have all been converted.
---- Changes since 1.470 ----
Catalan translation updates by Jaume Badiella.
Added an UTF-8 encoding of the Russian translation, thanks to shavlukov@gmail.com.
French translation updates by ButterflyOfFire.
Dutch translation updates by Gandyman.
Dramatically improved Webmin's search function, to include links to pages that help or UI text comes from. Also changed the layout of results to a more Webmin-ish style.
---- Changes since 1.480 ----
Catalan translation updates by Jaume Badiella.
Dutch translation updates, thanks to Gandyman.
Beginnings of a Basque translation, thanks to Mireia Lezea.
---- Changes since 1.500 ----
Czech translation updates, thanks to Karel Hudan.
The Webmin RPM now preserves the /etc/webmin directory when un-installed and then re-installed.
Added a robots.txt file to block indexing of Webmin by search engines.
The Webmin search box can now be disabled in the Webmin Users module, under "Permissions for all modules".
Brazillian Portuguese translation updates for several modules, thanks to Djavan Fagundes.
---- Changes since 1.510 ----
Dutch translation updates, thanks to Gandyman.
Polish translation updates, thanks to Dariusz Dêbowski.
---- Changes since 1.520 ----
Catalan translation updates by Jaume Badiella.
---- Changes since 1.530 ----
Sped up the loading of language files by pre-caching them in memory when Webmin is started, and not performing sub-string substitutions in most modules.
Added support for Pardus Linux, thanks to Kaan Ozdincer.
Major Dutch updates, thanks to Gandyman.
Majoe French translation update, thanks to ButterflyOfFire.
Allow per-language language overrides to be defined, in custom-lang.$code files.
Updated numerous modules to improve support for Debian 6 and Ubuntu 10.10.
If a browser asks for gzip compression, Webmin can now return compressed content either generated dynamically or from a pre-compressed .gz file in the same directory. Dynamic compression depends on the Compress::Zlib perl module.
Added support for Amazon Linux.
---- Changes since 1.550 ----
Catalan updates, thanks to Jaume Badiella.
Italian translation updates, thanks to Andrea Oliveri.
Major German translation updates, thanks to Raymond Vetter.
---- Changes since 1.560 ----
More German translation updates, thanks to Raymond Vetter.
More French translation updates, thanks to ButterflyOfFire.
---- Changes since 1.570 ----
Even more German translation updates, thanks to Raymond Vetter.
Added UTF-8 encodings for languages using the iso-8859-2, like Czech and Polish.
Catalan updates, thanks to Jaume Badiella.
Norwegian translation updates, thanks to Stein-Aksel Basma.
The MySQL, PostgreSQL, Filesystem Backup and Backup Configuration Files modules now all support the use of Webmin variable substitutions in backup paths (like $HOSTNAME) via a new Module Config option.
---- Changes since 1.580 ----
Even more German translation updates, thanks to Raymond Vetter.
More Dutch updates, thanks to Gandyman.
Catalan updates, thanks to Jaume Badiella.
Norwegian updates, thanks to Stein-Aksel Basma.
All languages now have UTF-8 encoded variants, as well as their native character sets.
Added support for Ubuntu 12.04.
---- Changes since 1.590 ----
Even more German translation updates, thanks to Raymond Vetter.
Norwegian updates, thanks to Stein-Aksel Basma.
Dutch translation updates, thanks to Gandyman.
Switch order of command and mode in debug logs to make it clear that "mode=X" is part of the log, not part of the command.
Added the new Gray Framed Theme, and made it the default for new installs.
---- Changes since 1.600 ----
Even more German translation updates, thanks to Raymond Vetter.
Catalan updates, thanks to Jaume Badiella.
---- Changes since 1.610 ----
Norwegian updates, thanks to Stein-Aksel Basma.
Catalan updates, thanks to Jaume Badiella.
Yet more German translation updates, thanks to Raymond Vetter.
Polish translation updates from Piotr Kozica.
---- Changes since 1.620 ----
More German translation updates, thanks to Raymond Vetter.
Polish translation updates from Piotr Kozica.
Norwegian updates, thanks to Stein-Aksel Basma.
Improved FreeBSD 8 and 9 support across multiple modules.
Hungarian translation updates from Balázs Zoltán.
---- Changes since 1.650 ----
More German translation updates, thanks to Raymond Vetter.
Norwegian updates, thanks to Stein-Aksel Basma.
---- Changes since 1.660 ----
More German translation updates, thanks to Raymond Vetter.
Norwegian updates, thanks to Stein-Aksel Basma.
Catalan updates, thanks to Jaume Badiella.
IPv6 access control now match an address exactly, unless a network size is entered.
FTP uploads and downloads to IPv6-only servers now work properly, thanks to support for the EPSV protocol command.
Added a Bahasa Malaysia translation, thanks to Nawawi Jamili, Nizam Adnan and Weldan Jamili.
Added filtering for lists in the user, group and file chooser popups, thanks to a patch from Nawawi Jamili.
---- Changes since 1.670 ----
More German translation updates, thanks to Raymond Vetter.
Norwegian updates, thanks to Stein-Aksel Basma.
Catalan updates, thanks to Jaume Badiella.
Security fixes for XSS attacks in user_chooser.cgi and other scripts.
---- Changes since 1.690 ----
More German translation updates, thanks to Raymond Vetter.
Support for RHEL 7, CentOS 7 and other derivatives in multiple modules.
---- Changes since 1.700 ----
More German translation updates, thanks to Raymond Vetter.
Catalan updates, thanks to Jaume Badiella.
Added additional protected against Shellshock exploits made via the Webmin webserver.
---- Changes since 1.710 ----
SSL v2 and v3 are now disabled by default at Webmin install time, to block the POODLE attack. They can be re-enabled on the SSL Encryption page of the Webmin Configuration module.
---- Changes since 1.720 ----
Deprecated the old blue-theme in favor of the new gray-theme.
Catalan translation updates from Jaume Badiella.
More German translation updates, thanks to Raymond Vetter.
---- Changes since 1.730 ----
More German translation updates, thanks to Raymond Vetter.
Norwegian updates, thanks to Stein-Aksel Basma.
The awesome new Authentic Theme by Ilia Rostovtsev is now included in the Webmin package.
Catalan translation updates from Jaume Badiella.
---- Changes since 1.740 ----
Norwegian updates, thanks to Stein-Aksel Basma.
Catalan translation updates from Jaume Badiella.
More German translation updates, thanks to Raymond Vetter.
---- Changes since 1.750 ----
Norwegian updates, thanks to Stein-Aksel Basma.
Catalan translation updates from Jaume Badiella.
More German translation updates, thanks to Raymond Vetter.
Fixed an XSS bug that allowed xmlrpc.cgi to be abused by a malicious link.
---- Changes since 1.760 ----
For new installs, switched the location of data files in many modules to /var/webmin instead of /etc/webmin.
---- Changes since 1.790 ----
Added a recent logins section to the System Information page.
Major rework of majordomo module, Kay Marquardt
---- Changes since 1.870 ----
German translation updates, thanks to Raymond Vetter.
Catalan translation updates from Jaume Badiella.
Bulgarian translations from Grigor Gatchev.
Added Support for Synology NAS and opkg/ipkg Community Package Manager, Kay Marquardt
Added Support for configuring spam filtering when amvisd is used, Kay Marquardt
Reference in New Issue View Git Blame Copy Permalink