DirectAdmin 1.52.0 has been released - Security fix!

DirectAdmin Support

Hello,

We're pleased to announce the release of DirectAdmin 1.52.0.
As mentioned in the release candidate, this version has many new features and bugfixes.

IMPORTANT SECURITY FIX!

Full list of changes is here:
https://directadmin.com/versions.php?version=1.520000

Some significant changes:

New Features

Bug Fixes


Plus many ... many many more.

To update, go to your Admin Level -> Licenses/Updates, and click update.

Thanks! :)

John

Edit: Note, it's important to keep your system up to date.
We recommend using the update notification tool in CustomBuild, see step number 3.
We'll continue to push update requests to servers that are found to still be installing/running old versions.
 
Looking good, lots of nice features :) Regarding http2: I now have custom nginx http templates only to enable http2. The only thing to do to switch to the default templates and enable http2 everywhere is:

- Enable http2=1 in directadmin.conf
- Remove custom templates
- ./build rewrite_confs

Right?
 
Right :) If you have nginx compiled with http/2 (CustomBuild does that for you automatically if you run OpenSSL 1.0.2 or higher)
 
Do I need to remove exim_sni=1 and dovecot_sni=1, then add mail_sni=1?

I updated and that did not happen.
 
After updating, I can no longer access webmail by using "domain.com/webmail". Got an error "500 Internal Server Error". (nginx_apache mode with PHP-FPM)

Access by "domain.com/roundcube" is ok.
 
any way to get the 1.51 version?
just ton of issues I don't feel like dealing with.
css issues on csf firewall, webpages on sites themselves not updating, initial install of 1.52 on fresh centos 6.9 server did not create admin user, reinstall fixed that but crap just not working right.
 
We'd be happy to deal with them for you ;)
Create a ticket and we can check things out.
Not too sure about the css/firewall issue, if that's even related to the release, nor the webpage updates..
Either way, create a ticket, and give us info and we'll be happy to help.

John
 
Not too sure about the css/firewall issue, if that's even related to the release, nor the webpage updates..
Doubt that too. Got several servers with Centos 6.9 all updated to DA 1.52 last night. No issues with webmail, webpages or CSF on any server. Everything is working flawlessly.
 
After updating, I can no longer access webmail by using "domain.com/webmail". Got an error "500 Internal Server Error". (nginx_apache mode with PHP-FPM)

Access by "domain.com/roundcube" is ok.

Just updated Custombuild to build 1733 and ./build rewrite_confs . Now it works.
 
was a simple fix. reinstall centos 6.9 :)
seems like I hit a mirror at just wrong time, deleting directadmin files, var/lib/mysql, tweaking few others things fixed (so far) my issues.
one thing I noticed is if I choose custom setup for custombuild it grabs mariadb 10.2.x which....for some reason...has lot of issues on clipbucket databases.
marty clued me in on a ticket and I will be filing github issue on clipbucket for this, looks to be unique identifier issue.
setting my.cnf to use myisam started working although i did (for reliability) have to lock mariadb to 10.1.28 version.
 
Doubt that too. Got several servers with Centos 6.9 all updated to DA 1.52 last night. No issues with webmail, webpages or CSF on any server. Everything is working flawlessly.

this was fresh cent6.9 install and failed csf however the one time I did the choose fastest mirror option this happened.
reloaded DA (w/o reloading system) and used defaults and csf works.
 
was a simple fix. reinstall centos 6.9 :)
seems like I hit a mirror at just wrong time, deleting directadmin files, var/lib/mysql, tweaking few others things fixed (so far) my issues.
one thing I noticed is if I choose custom setup for custombuild it grabs mariadb 10.2.x which....for some reason...has lot of issues on clipbucket databases.
marty clued me in on a ticket and I will be filing github issue on clipbucket for this, looks to be unique identifier issue.
setting my.cnf to use myisam started working although i did (for reliability) have to lock mariadb to 10.1.28 version.

This is not the thread for MariaDB, but I want to let you know that in MariaDB 10.2.x strict mode is enabled as default, and my guess is that is causing some of your trouble. Try to disable strict mode. https://mariadb.com/kb/en/library/sql-mode/#strict-mode
 
This is not the thread for MariaDB, but I want to let you know that in MariaDB 10.2.x strict mode is enabled as default, and my guess is that is causing some of your trouble. Try to disable strict mode. https://mariadb.com/kb/en/library/sql-mode/#strict-mode

actually did try that no help, this looks to be more a script issue but I need to check. problem is once I upgrade to 10.2 downgrading to 10.1 is a nightmare
 
Yep I just read it, glad you figured it out!

marty helped a lot pointed out the unique identifier 10.2 uses and that (so far) has set me right.
lot was also caused by initial install never giving/generating the default password (and the setup.txt reflected this) as well as the da_admin sql passwords
so....basically a cascading error at that point
 
- Enable http2=1 in directadmin.conf
- Remove custom templates
- ./build rewrite_confs

Did just that but no http/2. What am I missing?
DA version 1.52.0
CentOS Linux release 7.4.1708 (Core)
OpenSSL 1.0.2k-fips 26 Jan 2017
Custom Build 2.0.0 (rev: 1733)

options.conf
#PHP Settings
php1_release=5.6
php1_mode=php-fpm
php2_release=7.0
php2_mode=php-fpm

#WEB Server Settings
webserver=nginx_apache

Edit: It seems ALPN is not supported.
 
Did just that but no http/2. What am I missing?
DA version 1.52.0
CentOS Linux release 7.4.1708 (Core)
OpenSSL 1.0.2k-fips 26 Jan 2017
Custom Build 2.0.0 (rev: 1733)

options.conf
#PHP Settings
php1_release=5.6
php1_mode=php-fpm
php2_release=7.0
php2_mode=php-fpm

#WEB Server Settings
webserver=nginx_apache

Edit: It seems ALPN is not supported.

What is the output of: nginx -V ?
Is Nginx still built with OpenSSL 1.0.1e?
 
What is the output of: nginx -V ?
Is Nginx still built with OpenSSL 1.0.1e?

nginx -V
nginx version: nginx/1.13.5
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access_log --error-log-path=/var/log/nginx/error_log --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_dav_module --with-http_v2_module --with-cc-opt=''-D FD_SETSIZE=32768''

How can I check "Is Nginx still built with OpenSSL 1.0.1e?"
openssl version outputs: OpenSSL 1.0.2k-fips 26 Jan 2017

Edit: it seems indeed built with 1.0.1e
Should CB not take care of that?
Perhaps I should ./build nginx_apache? Or just ./build nginx?
 
nginx -V
nginx version: nginx/1.13.5
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access_log --error-log-path=/var/log/nginx/error_log --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_dav_module --with-http_v2_module --with-cc-opt=''-D FD_SETSIZE=32768''

How can I check "Is Nginx still built with OpenSSL 1.0.1e?"
openssl version outputs: OpenSSL 1.0.2k-fips 26 Jan 2017

Edit: it seems indeed built with 1.0.1e
Should CB not take care of that?

I noticed it today with the Curl 7.56 update.. Before I checked the version with curl -V and it was showing the same as Nginx, built with 1.0.1e. After updating and compiling curl was showing 1.0.2k.. So I think you need to recompile everything after updating OpenSSL. After I did a ./build nginx Nginx was showing also 1.0.2k.
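
The check the last few posts do by hand, as an added example that is not part of the original thread or of CustomBuild: it reads the "built with OpenSSL" line from `nginx -V` output and tests it against the "OpenSSL 1.0.2 or higher" requirement stated earlier in the thread. The function names are hypothetical and the sample lines are copied from the output posted above.

```shell
#!/bin/sh
# Sample `nginx -V` lines from the thread above (configure arguments omitted).
SAMPLE_NGINX_V='nginx version: nginx/1.13.5
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled'

# Print the OpenSSL version nginx was compiled against (reads `nginx -V` text on stdin).
built_openssl() {
    sed -n 's/^built with OpenSSL \([^ ]*\).*/\1/p' | head -n 1
}

# Succeed if the given OpenSSL version is 1.0.2 or newer, the threshold
# given in the thread for HTTP/2 (ALPN) support.
has_alpn() {
    num=${1%%[!0-9.]*}            # "1.0.1e-fips" -> "1.0.1"
    old_ifs=$IFS; IFS=.
    set -- $num                   # split into major, minor, patch
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}
    [ "$major" -gt 1 ] && return 0
    [ "$major" -lt 1 ] && return 1
    [ "$minor" -gt 0 ] && return 0
    [ "$patch" -ge 2 ]
}

# Report whether this nginx build can negotiate HTTP/2 via ALPN.
check_nginx_alpn() {
    ver=$(built_openssl)
    if [ -z "$ver" ]; then
        echo "unknown: no 'built with OpenSSL' line found"
        return 2
    fi
    if has_alpn "$ver"; then
        echo "ok: nginx built with OpenSSL $ver (ALPN available)"
    else
        echo "rebuild: nginx built with OpenSSL $ver (no ALPN, needs 1.0.2+)"
        return 1
    fi
}

# On a live server: nginx -V 2>&1 | check_nginx_alpn   (nginx -V writes to stderr)
printf '%s\n' "$SAMPLE_NGINX_V" | check_nginx_alpn || true
```

The result depends on what nginx was compiled against, not on what `openssl version` prints, which is why the system library can already report 1.0.2k while this check still asks for a rebuild.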
 