Page 1 of 2 12 LastLast
Results 1 to 20 of 36

Thread: DirectAdmin 1.52.0 has been released - Security fix!

  1. #1

    DirectAdmin 1.52.0 has been released - Security fix!

    Hello,

    We're please to announce the release of DirectAdmin 1.52.0.
    As mentioned in the release candidate, this version is many new features and bugfixes.

    IMPORTANT SECURITY FIX!

    Full list of changes is here:
    https://directadmin.com/versions.php?version=1.520000

    Some significant changes:

    New Features


    Bug Fixes



    Plus many ... many many more.

    To update, go to your Admin Level -> Licenses/Updates, and click update.

    Thanks!

    John

    Edit: Note, it's important to keep your system up to date.
    We recommend using the update notification tool in CustomBuild, see step number 3.
    We'll continue to push update requests to servers that are found to still be installing/running old versions.

  2. #2
    Join Date
    Sep 2015
    Location
    Arnhem, NL
    Posts
    430
    Looking good, lots of nice features Regarding http2: I now have custom nginx http templates only to enable http2. The only thing to do to switch to the default templates and enable http2 everywhere is:

    - Enable http2=1 in directadmin.conf
    - Remove custom templates
    - ./build rewrite_confs

    Right?

  3. #3
    Join Date
    Aug 2006
    Location
    LT, EU
    Posts
    8,132
    Right If you have nginx compiled with http/2 (CustomBuild does that for you automatically if you run OpenSSL 1.0.2 or higher)
    Martynas Bendorius
    MB Martynas IT. Professional server management company. Official DirectAdmin, CloudLinux, LiteSpeed and Comodo partners.

  4. #4
    Join Date
    May 2008
    Location
    Bulgaria
    Posts
    973
    Do I need to remove exim_sni=1 and dovecot_sni=1, then add mail_sni=1?

    I updated and that did not happen.

  5. #5
    Join Date
    Jun 2012
    Posts
    635

  6. #6
    Join Date
    Sep 2008
    Posts
    203
    After updated, I can no longer access webmail by using "domain.com/webmail". Got and error "500 Internal Server Error". (nginx_apache mode with PHP-FPM)

    Access by "domain.com/roundcube" is ok.

  7. #7
    Join Date
    Jun 2012
    Posts
    635
    anyway to get the 1.51 version?
    just ton of issues I don't feel like dealing with.
    css issues on csf firewall, webpages on sites themselves not updating, initial install of 1.52 on fresh centos 6.9 server did not create admin user, reinstall fixed that but crap just not working riggt.
    Dave M

  8. #8
    We'd be happy to deal with them for you
    Create a ticket and we can check things out.
    Not too sure about the css/firewall issue, if that's even related to the release, nor the webpage updates..
    Either way, create a ticket, and give us info and we'll be happy to help.

    John

  9. #9
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    4,183
    Not too sure about the css/firewall issue, if that's even related to the release, nor the webpage updates..
    Doubt that too. Got several servers with Centos 6.9 all updated to DA 1.52 last night. No issues with webmail, webpages or CSF on any server. Everything is working flawlessly.
    Greetings, Richard.

  10. #10
    Join Date
    Sep 2008
    Posts
    203
    Quote Originally Posted by nmb View Post
    After updated, I can no longer access webmail by using "domain.com/webmail". Got and error "500 Internal Server Error". (nginx_apache mode with PHP-FPM)

    Access by "domain.com/roundcube" is ok.
    Just updated Custombuild to build 1733 and ./build rewrite_confs . Now it works.

  11. #11
    Join Date
    Jun 2012
    Posts
    635
    was a simple fix. reinstall centos 6.9
    seems like I hit a mirror at just wrong time, deleting directadinfiles, val/lib/mysql, tweaking few others things fixed (so far my issues.
    one thing I noticed is if I choose custom setup for custombuild it grabs mariadb 10.2.x which....for some reason...has lot of issues on clipbusket databases.
    marty clued me in on a ticket and I will be filing github issue on clipbucket for this, looks to be unique identifier issue.
    setting my.cnf to use myisam started working although i did (for reliability) have to lock mariadb to 10.1.28 version.
    Dave M

  12. #12
    Join Date
    Jun 2012
    Posts
    635
    Quote Originally Posted by Richard G View Post
    Doubt that too. Got several servers with Centos 6.9 all updated to DA 1.52 last night. No issues with webmail, webpages or CSF on any server. Everything is working flawlessly.
    his was fresh cent6.9 install and failed csf however the one time time I did the choose fastest mirror option this happened.
    reloaded DA (w/o reloading system) and used defaults and csf works.
    t
    Dave M

  13. #13
    Join Date
    Jul 2008
    Location
    Maastricht
    Posts
    4,183
    Yep I just read it, glad you figured it out!
    Greetings, Richard.

  14. #14
    Join Date
    Apr 2009
    Posts
    2,421
    Quote Originally Posted by dmacleo View Post
    was a simple fix. reinstall centos 6.9
    seems like I hit a mirror at just wrong time, deleting directadinfiles, val/lib/mysql, tweaking few others things fixed (so far my issues.
    one thing I noticed is if I choose custom setup for custombuild it grabs mariadb 10.2.x which....for some reason...has lot of issues on clipbusket databases.
    marty clued me in on a ticket and I will be filing github issue on clipbucket for this, looks to be unique identifier issue.
    setting my.cnf to use myisam started working although i did (for reliability) have to lock mariadb to 10.1.28 version.
    This is not the thread for MariaDB, but I want to let you know that in MariaDB 10.2.x strict mode is enabled as default, and my guess is that is causing some of your trouble. Try to disable strict mode. https://mariadb.com/kb/en/library/sql-mode/#strict-mode

  15. #15
    Join Date
    Jun 2012
    Posts
    635
    Quote Originally Posted by ditto View Post
    This is not the thread for MariaDB, but I want to let you know that in MariaDB 10.2.x strict mode is enabled as default, and my guess is that is causing some of your trouble. Try to disable strict mode. https://mariadb.com/kb/en/library/sql-mode/#strict-mode
    actually did try that no help, this looks to be more a script issue but I need to check. problem is once I upgrade to 10.2 downgrading to 10.1 is a nightmare
    Dave M

  16. #16
    Join Date
    Jun 2012
    Posts
    635
    Quote Originally Posted by Richard G View Post
    Yep I just read it, glad you figured it out!
    marty helped a lot pointed out the unique identifier 10.2 uses and that (so far) has set me right.
    lot was also caused by initial install never giving/generating the deafult password (and the setup.txt reflected this+ as well as the da_admin sql passwords
    so....basically a cascading error at that point
    Dave M

  17. #17
    Join Date
    Jan 2013
    Posts
    162
    Quote Originally Posted by Erulezz View Post
    - Enable http2=1 in directadmin.conf
    - Remove custom templates
    - ./build rewrite_confs
    Did just that but no http/2. What am I missing?
    DA version 1.52.0
    CentOS Linux release 7.4.1708 (Core)
    OpenSSL 1.0.2k-fips 26 Jan 2017
    Custom Build 2.0.0 (rev: 1733)

    options.conf
    #PHP Settings
    php1_release=5.6
    php1_mode=php-fpm
    php2_release=7.0
    php2_mode=php-fpm

    #WEB Server Settings
    webserver=nginx_apache

    Edit: It seems ALPN is not supported.
    Last edited by Wanabo; 10-05-2017 at 10:31 AM.
    Probe my IP

  18. #18
    Join Date
    Sep 2015
    Location
    Arnhem, NL
    Posts
    430
    Quote Originally Posted by Wanabo View Post
    Did just that but no http/2. What am I missing?
    DA version 1.52.0
    CentOS Linux release 7.4.1708 (Core)
    OpenSSL 1.0.2k-fips 26 Jan 2017
    Custom Build 2.0.0 (rev: 1733)

    options.conf
    #PHP Settings
    php1_release=5.6
    php1_mode=php-fpm
    php2_release=7.0
    php2_mode=php-fpm

    #WEB Server Settings
    webserver=nginx_apache

    Edit: It seems ALPN is not supported.
    What is the output of: nginx -V ?
    Is Nginx still build with OpenSSL 1.0.1e?

  19. #19
    Join Date
    Jan 2013
    Posts
    162
    Quote Originally Posted by Erulezz View Post
    What is the output of: nginx -V ?
    Is Nginx still build with OpenSSL 1.0.1e?
    nginx -V
    nginx version: nginx/1.13.5
    built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
    built with OpenSSL 1.0.1e-fips 11 Feb 2013
    TLS SNI support enabled
    configure arguments: --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access_log --error-log-path=/var/log/nginx/error_log --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_dav_module --with-http_v2_module --with-cc-opt=''-D FD_SETSIZE=32768''

    How can I check "Is Nginx still build with OpenSSL 1.0.1e?"
    openssl version outputs: OpenSSL 1.0.2k-fips 26 Jan 2017

    Edit: it seems indeed build with 1.0.1e
    Should CB not take care of that?
    Perhaps I should ./build nginx_apache? Or just ./build nginx?
    Last edited by Wanabo; 10-05-2017 at 11:06 AM.
    Probe my IP

  20. #20
    Join Date
    Sep 2015
    Location
    Arnhem, NL
    Posts
    430
    Quote Originally Posted by Wanabo View Post
    nginx -V
    nginx version: nginx/1.13.5
    built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
    built with OpenSSL 1.0.1e-fips 11 Feb 2013
    TLS SNI support enabled
    configure arguments: --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access_log --error-log-path=/var/log/nginx/error_log --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_dav_module --with-http_v2_module --with-cc-opt=''-D FD_SETSIZE=32768''

    How can I check "Is Nginx still build with OpenSSL 1.0.1e?"
    openssl version outputs: OpenSSL 1.0.2k-fips 26 Jan 2017

    Edit: it seems indeed build with 1.0.1e
    Should CB not take care of that?
    I noticed it today with the Curl 7.56 update.. Before I checked the version with curl -V and it was showing the same as Nginx, build with 1.0.1e. After updating and compiling curl was showing 1.0.2k.. So I think you need to recompile everything after updating OpenSSL. After I did a ./build nginx Nginx was showing also 1.0.2k.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •