DirectAdmin v1.663 RC

fln

We are happy to announce the release of DirectAdmin 1.663 RC.

Highlights of this release are file system usage information in the System Information page and initial support for security.txt (RFC 9116). In addition to new features, this release has important fixes and improvements.

Full release change log can be found here:

DirectAdmin 1.663

The update should be automatically available for all installations subscribed to the beta release channel.

We appreciate all the feedback on forums and issues reported in the ticketing system.

Thanks!
 
Nice job on security.txt feature :) doing it manually now, that’s going to save some time :)
 
The bad news about security.txt is that this data can be used to spam users' existing accounts. Do we have a list of companies who have access to this file?
 
Does the security.txt feature also sign it with PGP and create the PGP public key file in the right place?
No.

PGP signing with auto-generated keys is useless because it does not allow establishing a chain of trust. Auto generating PGP keys and signing would be identical to using self-signed certificates for HTTPS. PGP is useful if you have other means to prove the key should be trusted. This part (signing the security.txt contents) of the spec is mostly ignored, examples:
Just serving it over HTTPS is enough to prove it is really served by the owner of the website.
The bad news about security.txt is that this data can be used to spam users' existing accounts. Do we have a list of companies who have access to this file?
The security.txt contents are publicly available to everyone.
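
Added example (not part of the original post and not DirectAdmin's code): a small Python check of a security.txt body against the RFC 9116 basics touched on in this thread. It assumes Contact is required, Expires must appear exactly once, and web URIs should be https; it only detects the OpenPGP cleartext wrapper and does not verify any signature. The sample file and function names are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Constructed sample, not taken from any real site.
SAMPLE = """\
# Constructed example
Contact: mailto:security@example.com
Contact: http://example.com/report
Expires: 2020-01-01T00:00:00Z
Canonical: https://example.com/.well-known/security.txt
"""
URI_FIELDS = {"contact", "canonical", "encryption", "policy", "acknowledgments", "hiring"}

def parse(text):
    """Return (fields, signed); fields is a list of (lowercased name, value)."""
    lines = [l.strip() for l in text.strip().splitlines()]
    signed = bool(lines) and lines[0] == "-----BEGIN PGP SIGNED MESSAGE-----"
    if signed and "" in lines:
        lines = lines[lines.index("") + 1:]      # skip the "Hash:" armor header
    fields = []
    for line in lines:
        if line == "-----BEGIN PGP SIGNATURE-----":
            break                                # the rest is the signature blob
        m = re.match(r"([A-Za-z-]+):\s*(\S.*)$", line)  # comments never match
        if m:
            fields.append((m.group(1).lower(), m.group(2)))
    return fields, signed

def check(text, now=None):
    """Return (problems, signed) for one security.txt body."""
    now = now or datetime.now(timezone.utc)
    fields, signed = parse(text)
    problems = []
    if not any(n == "contact" for n, _ in fields):
        problems.append("missing Contact")
    expires = [v for n, v in fields if n == "expires"]
    if len(expires) != 1:
        problems.append("Expires must appear exactly once")
    else:
        try:
            if datetime.fromisoformat(expires[0].replace("Z", "+00:00")) <= now:
                problems.append("Expires is in the past")
        except (ValueError, TypeError):
            problems.append("Expires is not a valid offset date-time")
    for n, v in fields:
        if n in URI_FIELDS and v.lower().startswith("http://"):
            problems.append(f"{n} uses plain http: {v}")
    return problems, signed

if __name__ == "__main__":
    print(check(SAMPLE))
```

The `signed` flag only reports that a cleartext signature wrapper is present; whether the key behind it deserves trust is a separate question the file itself cannot answer.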
 
PGP signing with auto-generated keys is useless because it does not allow establishing a chain of trust. Auto generating PGP keys and signing would be identical to using self-signed certificates for HTTPS. PGP is useful if you have other means to prove the key should be trusted. This part (signing the security.txt contents) of the spec is mostly ignored, examples:
Just serving it over HTTPS is enough to prove it is really served by the owner of the website.
Ok cool. I thought maybe DA also created a keyserver / WKD. But of course people can also do this themselves. :) I know it is not necessary, I was just wondering :)

Thanks
 
Can you add support for old and new backups for restore from DA:
Invalid filename: user.reseller.agro.tar.zst. The file must be of the form: username.tar.gz
My bad, it was a name issue, but also check extension support; I already recreated the backups as tar.gz and don't have zst to test.
 
@ahmed_hv it does work on our test servers. Maybe you are using a legacy license?
 

Users of legacy licenses may continue to run the DirectAdmin service with the understanding that their codebase will receive limited maintenance. For the purposes of licensing infrastructure compatibility, security fixes, and other development, the legacy codebase will increase version number in accordance with our changelog. However, it should not be assumed that items listed in the changelog are guaranteed to exist in the legacy codebase.

All new features should be considered not available in the legacy code base, but we include fixes and some of the features to support easy transition from legacy licenses (one way only).
 
All new features should be considered not available in the legacy code base, but we include fixes and some of the features to support easy transition from legacy licenses (one way only).
Even if you block new features for us LLC, it won't really convince me to buy (a) license(s), even though I only currently have 2 LL in use for personal use...

Do you really think we all read the "licensing agreement" regularly..... it's like the 5,989-page Apple T&C, who really reads that every update?!

Maybe you can pop up a window when an admin logs in to persuade them to read it after each update🤷🏻‍♂️
 
Even if you block new features for us LLC
It has been known for a long time already that LL would not get new features, only updates and upgrades. Until now then with the cutbacks on the databases. So I don't know why everybody's wondering now about not getting the new features. It's also been stated on the forum in past discussions. It's nothing new or unknown.
I personally won't discuss here further about this, as this is a release thread, not a discussion thread. Just wanted to point out it's known for years already.
 
No.

PGP signing with auto-generated keys is useless because it does not allow establishing a chain of trust. Auto generating PGP keys and signing would be identical to using self-signed certificates for HTTPS. PGP is useful if you have other means to prove the key should be trusted. This part (signing the security.txt contents) of the spec is mostly ignored, examples:
Just serving it over HTTPS is enough to prove it is really served by the owner of the website.

The security.txt contents are publicly available to everyone.
If I only use Google Workspace to maintain my email service, do I need to activate this security.txt? Thank you.
 