Refactored all Dnsrecord constants to enums (using myclabs/php-enum Enums as pre-PHP 8.1 enum workaround).
Using new airpane-agent API for dnszone generation/deployment. airpane-agent#181
Lowered letsencrypt CLI action lockfile expiry from 600 to 300 (5mins).
DB table structure: Renamed table dnsextras to dnsrecords.
Cleanup: Removal of legacy config params in application.ini and local-*.ini
Upgraded Highcharts.js to 9.3.3
Upgraded apidoc to 0.29.0
Changed default PHP version for new webabos to PHP 8.1
DB table structure: Renamed customer/contact fields salutation, title (was: title, nameprefix). #260
DB table structure: Removal of mailaccounts.abo_id linking which is no longer needed. #262
Removed default mail CNAME from all customer DNS zones, as this record just caused validation issues/confusion where customers tried to define new TXT records. #263
DB table structure: Removal of legacy/unused webabo fields billcontact_id, techcontact_id. #264
Improved validation for SRV resource records in DNS manager, protocol/service no longer accept whitespaces and must start with underscore.
Removed PHP manager support for legacy PHP 7.2.
Upgraded shardj/zf1-future to 1.21.4 with improved support for PHP 8.1
Cleanup: Removal of various obsolete contact fields in customer/contact model: projectid, tshirt_*, type, skype, switch_*, import_*, and such. #270
Stricter validation of service/protocol in DNS SRV resource records: Only allowed to contain word characters \w (equivalent to [a-zA-Z0-9_]). #271
Run sslcertretrydnsfailed CLI action cronjob more often (every 3hrs instead of once a day), so that issues/reissues on SSL certs with failed DNS checks are getting retried faster.
CRM: Added extra filters (Zend_Filter_StringToLower, Onlime_Filter_Domain) on domain registration memo field.
CRM: Improved exception handling for abo creation form, now outputting INWX API error message directly on domain registration/transfer instead of producing a fatal error
CRM: Changed mediatorcode input field to Chosen select with all customer mediator codes for easier input.
CRM: Added webmaster notification on perdate statements that are going to be billed after the next 4 days.
CRM: Number of months for mediator bonus/rebate can now be configured on customer level.
Removed ftp.CUSTOMERDOMAIN from default DNS CNAME resource records on customer domains, as this was never really used and caused some confusion.
Cleanup: Removal of obsolete product feature flags. #275
Cleanup: Removal of obsolete mwstcodes/accounts tables and all references. #276
Cleanup: Removal of redundant domains.pending flag. #278
Applied httpd_extra ProxyPass to RewriteRule replacements to workaround 96 chars limit in Apache 2.4, now done directly in subdomains table data. #279
Bexio API: Using template_slug for invoices instead of deprecated logopaper_id.
Replaced legacy password hashing algo from SHA512 to BCRYPT on FTP account logins as last component, as ProFTPd 1.3.7a from Debian 11 Bullseye now finally supports BCRYPT. #247
Improved update-awstats.pl to support passing date argument to generate reports for a different date than current. #281
DB schema: Renamed domains.dirty to domains.force_update to avoid confusion with common dirty state on Eloquent models (Laravel).
Using hackzilla/password-generator for random password generation, replacing our own implementation.
Simplified PHP configuration parsing, giving up on obsolete customer php.ini generation, only generating PHP-FPM pool overrides. #282, #295
Removal of legacy StatusCake API administration (checks for limePRO customer domains) which was no longer used for years.
Replaced own string helper methods with PHP 8 str_starts_with(), str_ends_with() functions.
Simplified mailaccount edit forms (mail/cp module), removed comment and username fields in mail module, as that was just redundant (read-only) data.
Coding standards: Removed obsolete language="javascript" attribute on all script tags.
Simplified mail module navigation menu, moved all menu items to top level.
Simplified mail module forwardings list, only displaying target email.
CRM: Display rebate percentage of invoice positions as int instead of float with trailing decimals.
Improved AsciiCharacters filter by replacing our previous iconv solution with voku/portable-ascii Portable ASCII, same implementation as Laravel's Str::transliterate() helper method.
Allow additional SSH pubkey types in SSH manager: ecdsa-sk, ed25519, ed25519-sk (in addition to ecdsa, rsa). #286
External libraries: Detached Bexio API client fork from christianruhstaller/bexio-api-php-client and released under own onlime/bexio-api-client.
Upgraded onlime/bexio-api-client to 0.4.0
Only get Bexio contacts below customer number 8000 to prevent any Bexio API resource limits (max. 2000 result limit enforced by Bexio).
SSLcert status DELETE is now used to flag an SSL cert for deletion upon next letsencrypt run. Introducing new DELETING status while certificate is getting deleted from webserver.
Improved domain registration handling, introducing a new abo pending status for domains that are not yet registered/transferred.
Updated sokil/php-isocodes to 4.1 with sokil/php-isocodes-db-i18n database, for PHP 8.1 support.
Domain consistency check: Also fix end date of abo period if a domain expiry at registrar (INWX) has diverged by more than 31 days (max 90 days).
DB schema: Renamed dnsrecords.data to dnsrecords.txt_data to avoid future conflicts (e.g. with Inertia.js form helper in airpane-next).
DB schema: Allow NULL in dnsrecords.pri for DNS resource records other than MX, SRV, where priority is not used.
DB schema: Changed sslcerts.profile, sslcnmaps.profile from VARCHAR to ENUM.
DB schema: Add UNIQUE INDEX to sslcert_altnames.
DB schema: Removed active flag on addondomains table, as this was only planned for a never introduced feature.
Applied PHP-CS-Fixer style fixing by Pint, using laravel preset with some rule finetuning. #294
Improved array comparison in Sslcert and Webabo model, now using isEqual(), isIdentical() array helper methods.
Upgraded lcobucci/jwt to 4.2.1 (with added validation for key length requirements).
DB schema: Changed subdomains.ip_address to VARCHAR(45) DEFAULT NULL.
DB schema: Changed all dnsrecords rows to DEFAULT NULL.
Addondomain consistency: Only domain alias/pointing should directly point to a subdomain, setting it to NULL on domain redirect/proxypass.
Lowered cronjob.trafficwarn.percentage threshold from 90% to 80% for traffic quota exceeded warnings.
Improved retry schedule on failed DNS checks for SSL certs in request/reissue state, now running every hour during the first 7 days, every 2 days thereafter.
DB schema: Renamed Htaccess/HtpasswdProfile/HtpasswdUser models to ProtectedDir/PdProfile/PdUser. infra#217
Config cleanup: Removal of redundant system.servers[] configuration, introducing new ConfigHelper.
Improve log reporting of inaccurate SAN list in sslcertfixexpiring CLI action: existing and reissued SAN list is now in sorted order.
Added detailed debug logging to Sslcert::isHttp01ChallengeReady().
Improve performance of Sslcert::isHttp01ChallengeReady() by only doing authoritative NS lookup once.
Refactored Onlime_Util_ArrayHelpers to namespaced App\Util\ArrHelper.
Added Redis PHP extension (redis.so) as hidden extension for PHP 8.1.
Use spatie/once object level method caching in DnsLookup helper class, replacing our previous implementation with caching in properties.
Preventing overlapping letsencrypt cronjob runs after sslcertretrydnsfailed.
Make low bill sum threshold configurable on customer model, so that we can set individual thresholds.
Removal of legacy ESR account numbers and related code, as Postfinance only supports QR-IBAN as of 2022-11-21. #296
Improved validation for DNS resource records: RRs of same RRSet can no longer have different TTLs (according to RFC2181). This fixes TTL set to prior TTL warnings in Bind9 zonefile loading. infra#964
Improved DnsrecordMxCnameConflict validator for DNS resource records: Default CNAMEs that have been overridden by a customer A/AAAA record now no longer prevent the customer from creating an MX record pointing to that custom A/AAAA record.
Fixed deletion of mailinglist mailmaps (forwardings) on mailinglist deletion. As MySQL triggers don't support cascading deletes, we had to implement this in a separate mailinglists_before_delete trigger.
Removal of legacy SSL cert cleanup job which was triggered by ExecStartPre hook on certbot renewal runs and which caused unexpected deletion of certificates where cert name no longer resolved in DNS. Replaced this by sslcertfixexpiring CLI action cronjob which does a much smarter consistency / DNS resolving check for all certs that are nearing expiry. infra#920
Cleanup/fix: Prevent shared owner contact handles for domains that belong to different customers, reassigning them to new/existing contact handle with customer data (affects WHOIS data). #268
CRM: On domain registration move to a different customer, the domain's owner contact handle (+ WHOIS data) now gets updated. #268
Fixed regression where domain from abo memo field was not added to billing statement description details, but using webabo username instead.
CRM: Sync of customer billing address to Bexio API now respects bill_personal flag, where customer name should not appear on invoice.
Respect default CNAME resource records on DnsrecordCnameConflict validation to ensure the customer is not trying to create another record (e.g. TXT) on an already existing CNAME record (which is not allowed according to RFC 1912).
Filtering double quotes from AuthName in htaccess password protection form. #272
DNS manager: Allow overriding of default CNAME RRs like ftp, www, lists, imap, pop, smtp, autoconfig by any other RR than a CNAME. Now, you could override them by an A-record. #273
Fixed legacy PHP handler checks for child webabos.
Fix problems with new Bexio API GET requests limit (500 instead of 1000), using max limit of 2000 contacts/invoices. #277
Prevent zero amount in statements which are generated by abo end date changes, only generating statements with positive amount (respecting decimal precision in database).
DB schema: Fixed default value of correspondences.updated_at.
Fixed problems with airpane-agent which got more strict about request JSON data since Flask 2.1: Always include JSON data on mailinglist addMember(), even if no password is passed. airpane-agent#194
Fixed abo activation on domain transfers with previous state UPDATE REQUESTED. #291
Only activate abo on domain registration/transfer via CRM once status from registrar has changed to OK.
Fixed removal of IDNA encoded mailmappings on webabo removal where deletion previously did not propagate via mailsync to mail servers.
Don't try to update legacy non-existing dnszones.wildcard flag on related dnszone serial updates when editing a subdomain's catchall_vhost flag.
Fixed IPv6 AAAA DNS resource record validation on SSL cert check for subdomains.
Changed cronjob frequency explain links from Corntab.com (dead site) to working Crontab.guru links.
Added support for Laravel Valet with application environment variables in .valet-env.php and LocalValetDriver for cachebusting URI rewrites. #232
CRM: Added admin task to trigger regeneration of maintenance mode site 00-maintenance.conf.
Added airpane-agent support for Roundcube webmail on a different webserver (other than main webserver).
CRM: Added abo level discounts which override customer discount. #240
CRM: Added key_account flag to customer model to mark VIPs as key account customers. #239
Re-introduced mailsync consistency check as mailsync AFTER INSERT/UPDATE triggers are not transaction-safe. #241
Added GitLab links to CHANGELOG release titles to compare releases.
You can now add the alternative hostname (temp URL provided by Onlime) to the SSL certificate of a subdomain, which will trigger a SSL cert reissue with the added hostname in subjectAltNames (SAN). #250
Added consistency check for SSL certificates where certbot has reported WARNING log lines. This ensures that there is no silent degradation of certificate subjectAltNames (SAN) in case of a Certbot DNS failure in combination with --allow-subset-of-names. #253
DNS manager: Allow lower 1min TTL for customer defined DNS resource records (previously was limited to 5min minimal TTL). #254
Retry SSL cert (re)issues for certs that have previously reached the max DNS resolving failure count. After reaching the max, only retry once a day. This will result in issued SSL certs for domain redirects which currently cannot get force reissued by the customer.
DB schema refactoring: Change all PK/FKs from INT to BIGINT UNSIGNED, renamed all FK indexes/constraints for Laravel compatibility (airpane-next). #228
Changed webabos.dbsourcehosts data type from LONGTEXT to VARCHAR, now casting data to comma separated list. #218
Replaced airpane-agent mailsync with MySQL triggers / FEDERATED airpane-mailsync db tables / MySQL replication on mailservers. #233
Removed create_primary_mailaccount feature, no longer creating initial info@CUSTOMERDOMAIN mailaccount on webabo creation. We don't like to send plaintext passwords!
Removed support for legacy mailaccount username creation (e.g. foo_example_com or webXYZp1) as now all systems support email as username. #234
Removed ext-xmlrpc requirement from composer.json, as we only use the JSON-RPC API in inwx/domrobot and don't use XML-RPC anywhere else.
Prevent editing of inactive mailaccounts (general settings like spam filter level, quota, mailaccount username changes, and vacation messages), as this previously caused problems with mailaccount authentication on Sieve script deployment on IMAP server side. #237
PHP 8.0 Support: Upgraded lcobucci/jwt to 4.1.2, migrated to new Lcobucci\JWT\Configuration object and Token API. #236
PHP 8.0 Support: Upgraded violuke/rsa-ssh-key-fingerprint to v1.1.1 with fixes for PHP 8.0 (by Onlime). #236
PHP 8.0 Support: Upgraded bjeavons/zxcvbn-php to 1.2.0. #236
PHP 8.0 support: Upgraded shardj/zf1-future to 1.19.1. #236
CRM: Validate statement amount to ensure it is a positive float - no negative amount allowed due to Bexio invoice restrictions. Unit price could still be negative for any credit vouchers.
Lowered agent.dovecot.cache_ttl from 3h to 1h, so that mailaccount quotas are updated every hour.
Upgraded mailaccounts password hashing from SHA-512 to BCRYPT. #243
Upgraded .htpasswd users password hashing from SHA1 to BCRYPT. #245
Upgraded customerlogins/adminlogins password and customer.apikey hashing from SHA-512 to BCRYPT. #248
Upgraded mailinglists apikey hashing to BCRYPT. #248
Switched from Sodium encryption to JWT token based authentication for SSO in CRM and Roundcube plugin. #251
Upgraded guzzlehttp/guzzle to 7.2.0. #252
Upgraded aternus/geonames-client to 2.1.0. #252
Upgraded twilio/sdk to 6.18.0. #252
Upgraded pingencom/pingen to 1.2.7
Upgraded genkgo/camt to 2.0.0
Upgraded twig/twig to 3.3.0
Replaced our own crontab frequency validation (super complex regex) with hollodotme/crontab-validator.
Reversed mailaccount spamlevel numbering (0-4 now means minimal-radical), as this makes more sense and is easier to handle in frontend components like Vuetify v-slider. #255
Renamed mailaccount rcpt_max_upper field to senderlimit_max and added fields for senderlimit used counter and quota.
Refactored Onlime_Manager_* classes for airpane-agent API access to prepare for Airpane-next.
Removed pear/net_sieve requirement, replaced by new airpane-agent API Sieve script management endpoints. airpane-agent#174
Removal of Dovecot IMAPd admin user credentials, as this is no longer needed since having migrated Sieve deployment to airpane-agent API.
Refactored Onlime_Mail_Sieve factory pattern into a single class which accesses Dovecot/Pigeonhole Sieve through airpane-agent API. airpane-agent#174
Refactored some enum type class constants in models to myclabs/php-enum Enums as pre-PHP 8.1 enum workaround.
Sieve scripts are now no longer generated directly in Airpane, using airpane-agent API PUT /sieve/<username> endpoint to trigger Sieve script generation and activation. All templating is done on airpane-agent side. airpane-agent#175
Refactored Sieve script consistency check, which is now offloaded to airpane-agent. Introduced new sieve_dirty flag on mailaccounts model to fix any inconsistent Sieve script via CRM admin action. airpane-agent#175
Translated boolean switches in all forms from On/Off to German Ein/Aus
Removal of legacy mailaccount field virusprot - antivirus protection is always enabled on all mailaccounts.
Renamed all mailaccount vacation message fields to use vacation_ prefixes. Split up vacation message activation into own switch (vacation_active), separate from period/validity (vacation_period).
Dnszone deployment: Migrated from legacy update-dns.pl pull deployment to new airpane-agent dnszone API endpoints. airpane-agent#101
Refactored legacy DnsChecks util class to new Nslookup class, removing code duplication and using some PHP 8 features. #258
Reworked SSL cert handling / subdomain overview, so that now the cert name (formerly known as CN) is now part of SAN (Subject Alternative Name) list, also providing it in alt names for airpane-agent API endpoint. As all names were always part of the Let's Encrypt cert SAN list, this makes much more sense and simplifies a lot.
Bexio contact synchronization: email2 is no longer synced to Bexio contact's secondary email, only sync billing email CC address if it exists.
Workaround for MySQL 8.0 authentication support, as ENCRYPT() was removed.
Various MySQL 8.0 compatibility fixes (reserved keywords). #229
Fixed database user manager where it was not possible to edit an existing MySQL user due to username existence validation.
Fix for maintenance mode HTTPS virtualhosts: Only take ready SSL certs into account, ignoring pending/hold.
Fixed mailaccount quota warnings for overquota mailaccounts where quota was not correctly raised for message delivery, after having migrated to new airpane-mailsync solution with FEDERATED tables.
Fixed various problems with IDN domains on mailaccount creation / mail routing. #234
Fixed splitting of email address in email forwardings, where user provided multiple addresses comma separated (previously just supported semicolon as separator).
Fixed hostname validation in DNS manager when trying to add an URL instead of a hostname as MX record target.
CRM: Retry to issue a Bexio invoice on next billing run, if there are any bills without assigned Bexio invoice. This fixes problems with Bexio API import failures.
Fix generating DKIM keypairs for new dnszones and remove deployed keys upon dnszone removal. #244
Fixed regression where MX check did not affect transport_suspended status of new mailaccounts. MX check does now affect again mailaccounts in addition to mailmaps and maildomains, so new mailaccounts with a domain that does not yet point to our mailservers are correctly deactivated for delivery.
PHP 8.0 Support: Workaround for PHP 8 PDOException "There is no active transaction" on DDL statements in migrations.
Added support for PHP 7.4, migrated from onlime/zf1 (zendframework/zendframework1) fork to shardj/zf1-future. #223
Massive refactoring of MySQL database scheme: Merged Airpane databases into a single DB
Refactoring of database scheme to fulfil Laravel/Eloquent table naming conventions: renamed all FK constraints, renamed all pivot tables, renamed all FK column names, pluralized all table names
CRM: Removed obsolete zipcodes table, model, and ajax method which was no longer in use.
CRM: Removed table postalcodes and replaced own postalcode-to-city implementation by aternus/geonames-client, using GeoNames data (postalCodeLookup endpoint).
Removed legacy mailtemplate feature which allowed to set different access info mail templates (mailaccount creation in Controlpanel) for different webabos, which is no longer needed.
Mailaccount overview now only shows inactive email addresses greyed out, no longer displays primary email address of a mailaccount greyed out (which was misleading).
Cleanup: Removal of obsolete roundcubedb configuration, which was replaced by airpane-agent API long time ago.
DB schema cleanup: Migrated all tables from utf8 to utf8mb4 charset. #217
DB schema cleanup: Merged databases airpane_cp and airpane_crm into single database airpane, updated all FK constraints. #213
DB schema cleanup: Massive renaming of table/column names, pivot tables, FK constraints to fullfil Laravel naming conventions. #213
CRM: Removed archived (pre-Bexio) bills section.
CRM: Simplified accounts handling.
CRM: Removed whole accounting section, replaced by Bexio.
CRM: Removed local bills payment booking, replaced by Bexio.
CRM: Removed bill reminder functionality, replaced by Bexio.
CRM: Cleanup MWST codes and make bexio_id configurable in mwstcodes table.
Updated genkgo/camt to 1.1.1
Removed phpoffice/phpspreadsheet (no longer needed since accounting exports were removed)
Updated bjeavons/zxcvbn-php to 1.1.0
Removed pw_entropy from all login tables, as ZxcvbnPhp now no longer calculates entropy, only password strength score 0-4.
Dropped table countries in favor of sokil/php-isocodes for ISO 3166 country code/names lookup via helper util class.
Changed legacy datatable styling to striped layout for remaining views. Removed all cycle view helper usage.
Removed legacy table mediatorlogs as we are not tracking any referrers / mediator codes anymore for a long time.
Removed obsolete server/dbserver configuration in dbs/dbusers/webabos tables as it was never used.
Cleanup: Removed all PHP 7.1 php.ini overrides / extension configurations.
Cleanup: Removal of legacy NameSilo API integration.
Made Airpane ready for multi instance setup in dev environment to support different configurations / databases (DP & Onlime).
CRM: Hide server selection on limeDRIVE webabo creation form, defaulting server to drive.onlime.ch
Updated pear/net_dns2 to 1.5.2
Display suspended mail forwardings as suspended (greyed out with (suspended) hint). #222
Improved warning message on addondomain deletion, pointing out that email accounts of the deleted domain will remain active but delivery is suspended. #207
Fixed camt.054 parsing to support new ISO 20022 QR transactions of type 00 (Default ES).
Fixed duplicated subdomain on alternative URL VirtualHosts of webabos without domain (regression since v2.20).
CRM: Remove any linked SSL certs from subdomains on webabo main domain removal.
CRM: Request/reissue new SSL certs on webabo main domain change.
CRM: Fixed webabo configuration for domain mailadmin special accounts, created dummy subdomain www (repression since v2.20).
Avoid updating updated_at on all mailaccounts when setting last_quota_ok date in daily quotawarn cronjob.
Avoid updating updated_at on overquota webabos when setting last_filequotawarn timestamp during daily filequotawarn cronjob.
DNS manager now shows again update date instead of creation date on custom extra DNS resource records.
Fix for regression since v2.20 rework of master/slave subdomains: PHP handler is now also updated on slave subdomains if changed on master and all affected Apache sites are reconfigured (not just the master's site).
Fix for regression since v2.20 rework of master/slave subdomains: httpd_extra configuration is now also applied to slave subdomains by reconfiguring Apache site, if changed on master.
Fixed regression since v2.20 in addondomain manager: Addondomain limits should not be checked/enforced if an addon domain is edited without changing its type (alias/redirect/pointing).
Fixed regression since v2.20 in subdomain manager: Rename subdomains on filesystem prior to renaming subdomain model name.
Purge mailaccount quotas cache (APCu) upon mailaccount reactivation, so that upon next quota lookup, the reactivated account will be included.
CRM: Made server selection available for limeBASIC webabo creation.
Fix for SSL cert alt name list (subdomain SSL settings): Effective install status of primary hostname/CN is now also checked. #224
SSL cert reissue: Reset DNS failure count on changed cert_san_aliases, so that a cert in 'request' state will be picked up, even though hostname resolving to webserver might have previously failed several times.
Fix unhandled Net_DNS2_Exception on letsencrypt CLI action while looking up CAA and AAAA records of a not yet registered domain. #225
Fix regression on mailaccount username renaming where it was no longer possible to rename a legacy username to the mailaccounts primary email address. #227
Completely reworked subdomain management with integrated HTTPS configuration. The extra SSL manager is no longer needed and was replaced by SSL/HTTPS configuration under subdomains.
HTTPS is now always available for every site (main domain, subdomain, any domain pointing/alias/redirect). The customer just decides if he wants to enforce HTTPS. If a hostname is not pointing to our webserver and a SSL certificate cannot be issued, the ssl-cert-snakeoil dummy cert is being used.
Added whitelist for domains/hostnames which should be available for HTTPS even when not (yet) pointing to our webservers, using ssl-cert-snakeoil dummy certificate. This is a workaround for planned #184 (HTTPS by default)
Added CLI action to cleanup dangling Let's Encrypt certificates (that are no longer in use).
Moved main site (www) configuration to subdomain management.
Moved HTTPS configuration to subdomain management.
Integrated SSL manager into subdomain management, enabling HTTPS sites by default.
Redesigned whole forcealias feature: Renamed to master/slave webabos. Any subdomain can now be linked to a subdomain of the master webabo. HTTPS configuration can now be changed individually in slave webabo's subdomain management.
Changed datatable styling to striped layout for most views.
Slicker datatable header with a flatter look.
Slicker status boxes in DNS manager and mailinglist overview.
Removed legacy subdir webabo product (no longer in use).
Changed all loading.png (preloaded animated image) by Fontawesome spinners.
CRM: Improved confirmation message on manual invoice creation.
CRM: Detached extra domain abos (domain redirect / aliases) from addondomain setup in linked webabo to simplify codebase. Addon domains now need to be set up individually in the customer's webabo.
Completely reworked addon domain manager, now combined all types (domain alias/pointing/redirect) into a single overview and edit form.
Visual redesign of all form and warning/error boxes, replaced by more modern flat design.
CSS cleanup: Removed legacy class definitions that were no longer used, removed all vendor prefixed properties
Alternative site URLs (webXYZ.onlime.ch) are now always available as HTTPS, using common wildcard certificate.
Domain redirects are now always available as HTTPS, using custom Let's Encrypt certificates.
Simplified addon domain manager: Domain redirects can now be created directly without creating an alias first (which was super confusing!).
Disable Slack exception/log reporting in dev environmant, using local email reports as fallback.
Upgraded Highcharts JS v8.1.1 (2020-06-09)
Upgraded apidoc to 0.23.0
Upgraded chosen-js to 1.8.7
Switched from roundcube/net_sieve (fork) to official pear/net_sieve
Updated all Composer packages. #204
Added CSS styling for inline code blocks in helpboxes.
Replaced legacy (and buggy) novutec/whoisparser by smartass jeremykendall/php-domain-parser for public suffix (aka. FQDN) and registrable domain (aka. 2nd level domain) parsing.
Allow maintenance mode to be enabled individually for CRM or Controlpanel.
Stricter DNS check for SSL cert issuance: Only allowing CN or SAN hostnames if they point to explicit webserver (previously all Onlime webservers were accepted).
Stricter DNS check for SSL cert issuance: Only allow domains in CN or SAN hostnames which have no IPv6 (AAAA) record and which are not prevented by CAA policy.
Removed all extensions (except OPcache) for PHP 7.2 due to known bug https://bugs.php.net/bug.php?id=76518, #212
NamedCheckzone validator now uses temp files with ISO-8601 datetime suffix to avoid conflicts with multiple validations for the same zonefile at the same time.
Added detailed logging to NamedCheckzone validator, including output of named-checkzone in case of a failure.
Remove temp zonefiles from NamedCheckzone validator after successful validation with named-checkzone, to avoid filesystem cluttering.
Lowered default TTL for all DNS zonefiles from 4h (14400) to 1h (3600).
Fixed problem with Let's Encrypt certificate deletion that might (in some very rare cases when a customer creates/deletes a high amount of certificates) conflict with a pending Apache restart.
Fixed an issue where a HTTPS could have been disabled in case an existing SSL certificate could not be reissued or if the customer has invoked VirtualHost reconfiguration before the cert was ready.
CRM: Fixed regression in domain redirect/alias abo change form, where base webabo could not be reassigned. (this is now obsolete as addon domains are no longer linked to CRM abos)
Removed any possibly double-assigned profiles to the same directory in .htaccess manager.
CRM: Fixed abo period calculation on extending period where start/end date drifted by 1 day.
CRM: Fixed fatal error on inactive customer bills overview due to non-existing Bexio contact. #210
Database user manager did not validate if user already existed which caused unique key constraint violation.
Removed unnecessary reconfiguration of DNS zonefile on subdomain active status changes. Inactive subdomains will stay in DNS zonefile, which is fine, so no need to update serial of the zonefile.
CRM: Fixed regression in registration fee statement calculation on new domain transfer/registration where statement was duplicated on the next updatedomains cronjob when getting charges from registrar via INWX API. #216
CRM: Full Bexio API v3 integration: Invoices are now getting generated in Bexio, reminders getting sent out through Bexio.
CRM: Massive refactoring of billing/accounting: Removed all editing capabilities for invoices, moved to Bexio. Removed accounting features, only keeping archived reports.
CRM: Parsing deptor detail information from camt.054 transactions: name, address, and account (IBAN).
CRM: Added cleanup cli action to deactivate all dangling (no more active abos, open statements, open/unpaid bills) customers and delete them via Bexio API.
CRM: Added daily domainconsistency cronjob to update local domain metadata or alert on missing abos.
CRM: Added 2 extra recipient list options to customer mailing. You can now send a mailing to domain owners or to all webmaster of the provided domain list. #194
Updated genkgo/camt to 1.0.0 - removing the need of onlime/camt fork, as Postfinance camt.054.001.04 parsing is now fully working and project was updated to use jschaedl/iban-validation. #76, #93
Updated twig/twig to 3.0, replacing deprecated twig/extensions by twig/intl-extra (only extension currently needed). #173
Updated twilio/sdk to 5.42
Updated inwx/domrobot to 3.0
Updated giggsey/libphonenumber-for-php to 8.11.1
Updated pingencom/pingen to 1.2.6
Updated geoip2/geoip2 to 2.10.0
Updated phpoffice/phpspreadsheet to 1.10.1
Updated novutec/domainparser to 2.0.10 for PHP 7.4 compatibility
Updated novutec/whoisparser to 3.2.12 for PHP 7.4 compatibility
CRM: Changed default sort order for invoice list, no longer displaying cancelled (storno) invoices on top.
CRM: Catching exception and displaying nicer error message when trying to delete/deactivate a customer with active abos or statements.
Simplified PHP version manager by removing the confusing root handler (public_html), which was used to change the PHP version of multiple subdomains at once.
CRM: Customer search by email now also searches in email_billing and email_billing_cc fields.
Improvement for MX-check temp off switch in mailaccount managent: If customer chooses a domain to be deactivated for regularly MX checks, this will only be set for the next 24hrs. After that, MX-check will be applied to the domain again. #178
Complete removal of cgi-bin feature (Apache mod_cgid was already disabled for a long time). #83
Delete Let's Encrypt certificate/key files upon SSL host removal (previously just a soft delete preserving cert). #182
Hide forcealias domains in master webabo's SSL manager, as SSL cert/host should be created in original webabo. #182
SSL cert manager: Make hostnames faster available for SSL cert issuance by doing authoritative DNS lookups. #185
Added ~/bin to $PATH in crontab, so that a customer could e.g. link a different PHP version to ~/bin/php and this would also work in cronjobs.
Updated default PHP version for new webabos to PHP 7.4
Cronjob manager: Allow single cronjobs to be deactivated without deleting them. #188
Removal of plaintext passwords in .htpasswd profiles, replaced pw encryption and strength calculation (zxcvbn) by trait. #189
Backported hostname validation from laminas/laminas-validator 2.13.4 Laminas\Validator\Hostname to legacy Zend_Validate_Hostname in onlime/zf1 fork. This fixes various hostname validation issues and supports latest IanaVersion 2020033100 of valid TLDs.
Added option to main site and subdomain configuration to turn off temp URL (alternative URL). #191
Removal of legacy admin feature typo3_realurl. RewriteRules for Typo3 should always be defined by customer's own .htaccess. #192
Using custom Onlime_ApiException with lower log level (notice) for most Airpane API exceptions. #148
Massive refactoring of mailaccount/mailmapping handling, simplifying database structure by now directly assigning a primary email address to every mailaccount. #195
Multiple email forwardings pointing to the same legacy mailaccount username are now no longer possible, resolved to regular email forwardings with email address as destination. #195
Performance improvement in domainconsistency cronjob: Only update owner contact handle data once for handles that are used for multiple domains.
Always override extra/low TTL values by default TTL for a zonefile if default TTL is lower.
Added 'a' to SPF records of all customer domain zones. Default SPF record is now "v=spf1 a mx include:spf.onlime.ch ~all".
Added discount column to all bill statement lists in CRM and customer cockpit, for both legacy and Bexio bills.
Use correct directives to overwrite php.ini values in PHP-FPM config (prevents locking of user overwritable settings by php_admin_flag|value)
Mailsync: Convert domain name to IDNA ASCII form (punycode) on mailmap deletion by domain
Fixed autoresponse for weekdays where only Sunday was selected, which resulted in empty array of weekdays.
Fixed hostname validation to support hostname parts that start with underscore (e.g. _domainkey), which caused problems on .com hostnames.
Fix for SSL host removal regression where Apache site was deployed after certbot SSL cert removal but prior to sslhost removal. airpane-agent#159
CRM: Fixed a regression when domain registration via registrar API (INWX) was no longer possible due to overridden domain object, which should have been the actual domain name value.
CRM: Fixed a regression in discount calculation where customer discount was not applied to a newly created abo.
CRM: Fixed problem when abo end date of an already cancelled abo was moved to the past. This caused renewal of the abo on the next generatestatements run. It was not intuitive as the abo was still correctly displayed as cancelled in CRM. #197
Fix for Net_Sieve error (Authorization failed) when customer tried to remove a mailmapping that pointed to an email address of an inactive mailaccount. #198
Fixed a regression after mailmapping refactoring (#195) where primary email of a mailaccount was not deactivated/reactivated on mxcheck. #199
DNS manager: Only list DNS zones as pending if they are active but not yet insync (synced to DNS servers). Previously inactive domains were also displayed as pending if their last state was not insync.
Added support for currency conversion via ExchangeRate-APIopen in new window, in addition to Fixer.io / 1Forge.com services which no longer offer a free plan. Made service configurable. #115
Airpane API: Added Mailproxy::GetNginxAuth, an API method for Nginx ngx_mail_auth_http_module to provide a mail proxy service.
CRM: Added extra webabo action to reconfigure a single site, triggering Apache site generation and reload.
Mailaccount autoresponse now supports activation by weekday(s) in addition to datespans. #143
Fully supporting new Dovecot mailserver for IMAP and Sieve, also supporting mailproxy via Nginx for migration.
Exposing webabo information lookup to Airpane API (replacing legacy search-webabos script). airpane-agent#133
Added server information to controlpanel overview.
Added support for PHP 7.4 in PHP version manager
Added CSV export option to mailaccounts / email forwardings list.
Moved from forge (1Forge.com) currency conversion API to exchangerate (ExchangeRate-API) service which offers unlimited free requests. #115
Removed support for legacy Airpange-manager (manager.pl socket service) which is now obsolete since the introduction of Airpane-agent. #114
crm: Improved transaction safety on webabo creation.
Improved transaction safety on mailaccount creation.
Removal of all legacy code concerning plaintext passwords (which were already destroyed years ago), removal of all plaintext password fields in db.
Postfinance ISO-20022 camt054 (FDS) parsing now supports new AddtlInf format (SPS/1.6/PROD). #121
No longer rsync AWstats system/{awstats,reports} data from webservers to Airpane server, as this was only required for migration. #117
(security) Obfuscating apikeys and other sensitive data in request URI of DB profile reports. #128
Skip DB query profile reports (by email) for logging-only requests/transactions. Massively lowering the amount of genenerated reports. #129
Also hide PHP manager for forcealias webabos in addition to subdomain manager.
Renamed mailaccounts.sieve_script_copy row to sieve_script as we will be accessing it directly from Dovecot backend.
crm: Changed all product prices to include MWST by default
Improved mailaccount autoresponse handling: Don't send autoresponse on messages marked as spam.
Removal of homesconsistency cronjob in favor of airpane-agents maint_remove_homes.py maintenance script. #120
Updated CSS styling for payment page.
No longer allow legacy usernames for new mailaccounts, always use email as username.
No longer allow '+=' special characters in mailaccount usernames or email addresses (plus addressing is already supported by our mailserver). #161
PHP configuration: Made APCu extension globally enabled and only offer apc_bc (APCu Backwards Compatibility Module) as optional extension in controlpanel.
SSL manager: Only adapt wwwtype from webabo if sslhost is a SLD (in addition to the already existing check if sslhost does not point to a subdomain)
Exclude airpane_log.log INSERTs from DB query profile reports.
Added A record to default SPF record for customer domains, to support limeDEDICATED dedicated managed webservers which send out email directly.
Sieve scripts: Use RFC-compliant line endings, CRLF instead of LF, to be compatible with Dovecot / Roundcube 1.4 / RFC5322. #167
CRM: Removed parsing support for legacy Postfinance Type 4 ESR record files, as this was replaced long time ago by iso20022 camt.054 parsing.
CRM: Added booking date for payments in addition to value date (Valuta). Booking date is now relevant for accountings payment list.
Extended webabos.dbprefix field from 13 to 26 char limit (which was already supported in webabo creation form)
Fixed DB username length restrictions (22 chars for dbprefix, 26 chars for db usernames), reserving 4 chars for db name suffix.
Fixed OPcache/APCu cache resetting regression, now supporting reset via airpane-agent. #123
Fixed mail module bug where it was possible to delete another mailaccount's primary mailmapping if the two mailaccounts belonged to the same webabo and there was a forwarding set up. #124
Prism.js was blocked by adblocker (e.g. uBlock Origin), moved to different filename. #132
Fixed error document editing in controlpanel (regression from v2.11, airpane-agent related). #134
Daily domain price calculation (via registrar API) is now based on always up-to-date currency conversion rate. #137
Currency conversion rate on domain price calculation (updatedomainprices) is now correctly cached and serialized in APCu, even when running in CLI. #137
Added more new TLDs to Zend_Validate_Hostname / Updated all Composer packages. #138
CRM: Don't recalculate mwstsum when copying an existing statement as new open statement.
CRM: Populate correct price on statement edit form for products that include MWST in pricing. Previously MWST was not added.
Removed generic mailmappings <mailaccountUsername>@onlime.ch which are no longer used and were just confusing for customer. #153
DNS manager: Allow @ in TXT record data, e.g. used for DMARC entries. #157
DNS manager: Allow long data values for TXT (e.g. for DKIM keys) by splitting up data in chunks of max size 255 according to RFC4408. #158
CRM: Fixed editing of domain redirects that did not belong to any specific webabo. #160
Only run sieveconsistency check (daily cronjob) for active mailaccounts, as Dovecot no longer supports master user access to inactive mailaccounts over managesieve. #162
Skip Apache vhosts reconfiguration on final deletion of all sslhosts prior to webabo deletion. #552
Fixed order of statements in billing email body, now correctly ordered by date.
Don't display quota usage information for inactive mailaccounts, as this information cannot be retrieved by airpane-agent / Doveadm. #168
Exclude all generic mail mappings (e.g. used for cronjob output) from mailaccount list in controlpanel.
Also check domain alias/pointing limits on editing an addondomain, not just on creation. #169
Avoid DNS zonefile conflict (not validated using named-checkzone exception) on partial custom subdomain CNAME record deletion, e.g. if demo CNAME was removed but www.demo CNAME was not and there was a subdomain demo set up. #170
Fixing problem with Let's Encrypt cert expiry check on certificates which have been manually removed.
Removed obsolete feature "Convert to UTF-8" in database backup/restore manager
Removed all legacy code related to suPHP (which was replaced by PHP-FPM already back in 2016)
Removed legacy "global db user" feature. Use regular db users, which can be assigned to multiple or even all databases, instead. All global db users were converted to regular db users.
Removed dependency of legacy php_excel (by Ilia Alshanetsky) extension / LibXL, replaced by PHPOffice/PhpSpreadsheet
Rewrote all Excel (.xlsx) generated reports from php_excel to new PhpSpreadsheet library. #88
More strict zonefile validation in DNS manager. In addition to our strict validation rules, we now also validate fully generated zonefile via named-checkzone before activating it on nameservers.
Changed PHP newabo handler to php72
Removed support for php70 handler
Provide apple-touch-icon-*.png icons in webroot via RewriteRule for those clients that ignore the rel path in link elements
Don't allow changes in SSH pubkey contact information once a pubkey has been verified.
crm: Added password confirmation field in webabo edit form to ensure new passwords are entered correctly.
Upgraded PrismJS to 1.15.0 and changed to tomorrow-night theme.
Changed styling of helpboxes, using less obtrusive background color.
Integrated zendframework1 (patched) and zf1-extras as Composer packages to no longer depend on local installation.
Fixed 'script error/cp.phtml not found in path' exception on invalid CSRF token, now redirects to login form with a friendlier warning.
Fixed Let's Encrypt cert removal where Apache reconfiguration did not get triggered in some rare cases.
Fixed subdomain matching in HTTPS manager for webabos with 3rd level domains.
Always activate mailmap if mx_check is disabled on domain upon mailaccount creation.
Fixed bug in DB user manager where a user accidentally got removed from multiple databases in Airpane db (even though it was correctly removed from MySQL privilege table).
Improved date format validation in timespans (e.g. in mail vacation form) to fix "No date part in'NaN.NaN.NaN' found." error
Prevent subdomain renaming for subdomains with existing SSL host(s).
Fixed issue where catchall domain record was converted to regular domain record once a catchall mailmapping (@example.com) was deleted. This should only happen upon deletion of the last catchall mailmapping, if no other mailmapping exists with the same source address.
Added option to DNS manager: Default CAA resource records can now be disabled instead of just being overwritten by custom CAA resource records (which previously did not allow to turn off CAA certificate pinning completely).
Added support for PHP 7.2 in PHP version manager
Added support for PHP 7.3 in PHP version manager
New health checks for Airpane manager, Mailman API
Slack logging integration for warnings/errors
GDPR: Added data processing agreement (DPA) as opt-in under Controlpanel's account settings
Enabled SSL manager for forcealias webabos
crm: Allow converting a webabo into a forcealias in webabo config.
Added PECL::mailparse as hidden PHP extension for premium customers
Additional check for Postfinance camt.054 (ISO20022) to only book productive transactions (skipping test/reconstruction)
Removed nameserver IPs in customer email templates. IPs are irrelevant and may just cause confusion.
crm: Improved warning message on unmatched time entry in Mite importer
Improved SSL CN mapping lookup to be less greedy, so we may use a specific certificate from another vendor for the main domain and still use Let's Encrypt for all the other subdomains.
Improved PHP 7.2 compatibility
Improved StatusCake customer-site check updating via API: only add sites that point to our webservers, added logging, prefer latest added webabos
crm: Allow definition of product prices which already include MWSt.
crm: Added mwstcode for new Swiss MWSt. rate 7.7% in 2018
PHP 7.2 compatibility: Switched from mcrypt to Sodium encryption for SSO in CRM and Roundcube plugin
crm/cockpit: Statement list now also displays mwst and total sum.
improved exception handling on domain updates/deletion
Simplyfied flash messages by using Bootstrap alerts. Gave up on annoying vertical scrolling of messages.
Code cleanup: Converted all traditional syntax array literals with short syntax
Added whitelist for MysqlUsername validator to support legacy usernames
crm: Domain fees are now no longer linked to any webabo as this never made much sense
Switched back to official pingencom/pingen Composer package as this is again actively maintained and our MR was accepted on GitHub.
Raised max mailbox size to 100GB
Addon-domains manager does no longer restrict domain aliases to 2nd-level domains.
Do not promote Mailman mailinglists (legacy product), only presenting lists section to customers with enabled mailinglists.
Filter phone numbers to ASCII characters (removing any fancy non printable characters in UTF8) prior to phone number validation with Google's libphonenumber
Switched from Fixer.io to 1Forge Forex Quote API for currency conversion as Fixer.io only offers EUR base currency in free plan. Updated Swap (florianv/swap 3.4.0) to use API access keys.
UI: Changed all ugly looking warnboxes to standard alert boxes.
Domain registration: Using different max price borders for internal registrar prices and customer prices, so we can offer a lot more higher priced TLDs.
DNS manager now supports MX resource records on subdomains
Enabled default SPF (TXT) record for all domains using SoftFail (~all). The default spf record is overwritable by customer via DNS manager.
Allow query strings in wildcard domain redirect target URLs
Changed default PHP handler for new webabos to php72
Improved instructions in DNS check inconsistency warning email to point customer to use the DNS-manager in controlpanel.
HTTP 404 errors are now no longer reported as WARN but as NOTICE instead, no more email reports / Slack notifications
Internally raised MySQL username length limit from 16 to 32 chars as this is now supported in MySQL 5.7
Changed SSH pubkey fingerprint hashing from MD5 to SHA256 to support new defaults of ssh-keygen / OpenSSH 6.8+ (Debian Stretch). This fixes duplicates in pubkeys table where the previously uploaded key could not be matched by fingerprint.
crm: Reactivate a previously cancelled domain at registrar once the subscription is reactivated in CRM.
crm: If a domain is now deleted, don't throw an exception if the domain does no longer exist anymore at registrar.
Fixed alignment of form labels and fields in Chrome/Safari (regression in Airpane 2.9)
Fixed wrapping of long data lines in DNS resource record list
Using onlime/statuscake fork instead of basilicom/statuscake, corrects StatusCake API endpoint and allows you to handle API response in application
minor fixes for MySQL strict mode
Fixed PDF bill download in customer cockpit which causes access violations in some rare cases
crm: fix product addon removals where webabo did not exist
Fixed purging of Let's Encrypt certificates that no longer exist in path / have been manually deleted via certbot delete
minor fix in mail domain reactivation warn box where reactivate-link led to wrong URL
Enabled DNS manager for 3rd level domain webabos, so you can now administrate your addon domains from there.
Let's Encrypt certificates that no longer point to an existing site on our webserver get now cleaned up directly before certbot renewals occur, handled via certbot pre renewal-hook instead of regular cronjob.
SSL VirtualHosts that point to inactive subdomain are now also disabled.
Fixed MWSt recalculation on cancelled (storno) statements of a bill.
Fixed blockUI on mailaccount creation.
Ensure SSLhosts of a subdomain get removed (and cert no longer renewed) upon subdomain removal.
Workaround for bcmod() issue in IBAN validation in jschaedl/iban (used by genkgo/camt), fixes fdsrun again to always succeed.
Fixed warning in DNS manager about auto-generated MX records which did also pop up on other (other than MX) auto-generated DNS record types.
(security) Fixed an underscore validation and escaping issue with database names which could lead to privilege escalation in some rare cases.
MySQL 5.7 compatibility: Escaping 'generated' in DNS zonefile generation as this is a reserved keyword
Introducing new customer cockpit which includes bills and open statements list, domain management (edit contact handles and nameservers), domain registration
crm: Abo period is now displayed next to price
crm: Set canceled domains to renewal mode AUTODELETE at registrar (90 days before abo period expires). The domain registration abo now just needs to be canceled in CRM.
crm: On domain registration abo deletion, set renewal mode AUTODELETE at registrar.
Added support for NS resource records to DNS manager.
crm: Fixed statement sum on changed abo end date, now correctly giving refunds (negative statement sum).
Changed update-diskusage cronjob from 15min to hourly and niced it to reduce load.
Removed trailing slash from mod_proxy_fcgi PHP-FPM socket path to prevent extra leading slash in PHP's SCRIPT_FILENAME, which has been confirmed to break some applications.
Removed some CSS code that caused 404 errors on legacy images.
Removed default wildcard CNAME for all customers, replaced by explicit subdomain CNAMEs (in order not to conflict with autodiscover Microsoft autodiscovery sheme)
Converted txt based CHANGELOG format to new CHANGELOG.md (as recommended by http://keepachangelog.com)
try to resolve SSLhost hostname directly in domain pointings prior to auto-detecting subdomains
improved TLD filtering on INWX API domain creation, now filters zero-width spaces which are commonly used at some registrars
Using new error documents for suspended (HTTP 410) and bandwidth limited (HTTP 509) virtualhosts
refactoring/cleanup: Removal of legacy SSL manager (SSLMate)
purge Let's Encrypt certs via certbot delete subcommand (introduced in certbot 0.10) instead of direct filesystem operations
refactoring/cleanup: Removal legacy suPHP code
optimized login failure application log output to better support fail2ban filter
integrated login failure check/banning is now IP based (similar to fail2ban) and no longer account based
removed dependency of Zend_Currency, replaced by moneyphp/money, using fixer.io service via florianv/swap for currency conversion rates
smarter maintenance mode - 00-maintenance.conf is now auto-generated and builds all SSL VirtualHosts with correct certs and 503 status
using permanent (301) Redirects instead of temp (302) for wwwonly or nowww redirects
Changed PostFinance FDS host name to load balanced fdsbc.post.ch
only send out mailaccount quota warnings if account usage is above 90% and (new) remaining space is below 300MB
raised generated password length from 8 to 12 chars
mimimum TTL (commonly used as negative-TTL, RFC2308) lowered to 1H
default TTL is now configurable per zonefile
massively improved phone number validation and international format filtering, using giggsey/libphonenumber-for-php library
initial support for MySQL 5.6 sql_mode=STRICT_TRANS_TABLES
updated MX record list for Google Apps (alt3|alt4.aspmx.l.google.com)
cp: also swap webroot path on subdomain swapping
deliver quota warnings to mailaccounts which are above their quota limit by temporarly raising their quota
crm: moved from MAT[CH] Light zipcode data to GeoNames postal code data, now supporting multiple countries for city/state lookups.
turned HSTS off by default for SSL hosts (previously 86400), needs to be configured by customer
Changed forced SSL redirects from SERVER_NAME to HTTP_HOST
cp: added helptext warning for db backup restores, explaining that a restore does not drop the whole db, only tables that exist in backup
cp: raised default mailaccount quota from 300MB to 1GB
replaced old webappscanner with smarter webapp-scanner that detects more web applications (Wordpress, Typo3, Joomla, Drupal, phpBB,...)
security hardening: Mailman API no longer requires sudo
performance optimization of Mailman API call addMember()
Give customers a validation message about already encoded IDNA domains in punycode format (not required)
added require_ssl flag on dbusers to internally support REQUIRE SSL
crm: added dbsourcehosts config option in webabo configuration editor
improved support for double SLDs (co.uk, org.uk, com.tw,...)
subdomains: added infrastructure hostnames for testing URL
made autoindex default setting configurable via application config
using PrismJS instead of CodeMirror for syntax highlighting in simple (non-editable) code blocks
Upgraded Highcharts JS to v4.0.3 (2014-07-03)
crm: storing modification timestamp for each bill, print it on bill
refactoring/cleanup in webabos and subdomain tables, eliminating the need of ssl_ip field
crm: on partly paid bills print now outstanding sum instead of total sum, including the amount on payment slip (ESR)
cp: Make extra DNS resource records editable in DNS manager
cp: Improved validation of MX records in DNS manager; check for conflicts with any existing CNAME resource records (RFC 2181) is now performed locally and via remote DNS servers
cp: allow multiple DNS resource records with same name in DNS manager e.g. for round-robin load distribution via A-records
added detailed info messages on every invocation of an Apache reload
crm: added online banking warning above ESR on PDF bill
disallowing ampersand ('&') in passwords as they cause problems with some mail clients (e.g. Apple Mail)
cp: raised default mailaccount quota from 100MB to 300MB
crm: do not allow regeneration of bill with paid or storno status
crm: improved PayPal IPN payment validity checks
lowered default TTL to 14400 (4H) for all customer zone files
massively improved password hashing algorithm
improved entropy of password generator (for auto-generated passwords)
fixed ServerName generation for non-www VirtualHosts
cp: fixed realpath checks for webroots which point to a symlink or a directory below a symlink
always update infrastructure DNS zone file upon webabo creation (fixes outdated CNAME after re-use of a previous lime-drive abo)
crm: fixed double creation of PDF bills
fixed problem where forcealias webabo domains did not get included in access statistics (AWStats)
fix for change in main domain for a webabo: always activate all existing mailmappings, as the new DOMAIN record is active by default
fixed Zend_Rest problem with non-ascii output of Mailman API call addMember() and addMembers()
fixed auth deployment to remote servers on several password change hooks
cp: re-enabled PHP manager for subdir webabos
crm: update MWSt code on bill/statement move to another customer
fixed editing of old-styled database usernames that did not match the required prefix. Changing password without changing the username is now possible again.
cp: fixed jQuery problem where input fields with filetree dialog were ineditable (ftp create/edit, webroot, htaccess password protection)
crm: fixed authentication data deployment to remote servers if abo is created initially on remote server
crm: change of webmaster email now correctly updates system mail- mapping for cronjobs
crm: fixed special price problem on product up/downgrades
fixed bug in PHP configurator, where php.ini did not get generated on PHP version switching