DirectAdmin 1.52.0 has been released - Security fix!

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
8,923
Hello,

We're please to announce the release of DirectAdmin 1.52.0.
As mentioned in the release candidate, this version is many new features and bugfixes.

IMPORTANT SECURITY FIX!

Full list of changes is here:
https://directadmin.com/versions.php?version=1.520000

Some significant changes:

New Features

Bug Fixes


Plus many ... many many more.

To update, go to your Admin Level -> Licenses/Updates, and click update.

Thanks! :)

John

Edit: Note, it's important to keep your system up to date.
We recommend using the update notification tool in CustomBuild, see step number 3.
We'll continue to push update requests to servers that are found to still be installing/running old versions.
 

Erulezz

Verified User
Joined
Sep 14, 2015
Messages
435
Location
Arnhem, NL
Looking good, lots of nice features :) Regarding http2: I now have custom nginx http templates only to enable http2. The only thing to do to switch to the default templates and enable http2 everywhere is:

- Enable http2=1 in directadmin.conf
- Remove custom templates
- ./build rewrite_confs

Right?
 

smtalk

Administrator
Staff member
Joined
Aug 22, 2006
Messages
8,340
Location
LT, EU
Right :) If you have nginx compiled with http/2 (CustomBuild does that for you automatically if you run OpenSSL 1.0.2 or higher)
 

wattie

Verified User
Joined
May 31, 2008
Messages
995
Location
Bulgaria
Do I need to remove exim_sni=1 and dovecot_sni=1, then add mail_sni=1?

I updated and that did not happen.
 

nmb

Verified User
Joined
Sep 13, 2008
Messages
204
After updated, I can no longer access webmail by using "domain.com/webmail". Got and error "500 Internal Server Error". (nginx_apache mode with PHP-FPM)

Access by "domain.com/roundcube" is ok.
 

dmacleo

Verified User
Joined
Jun 21, 2012
Messages
635
anyway to get the 1.51 version?
just ton of issues I don't feel like dealing with.
css issues on csf firewall, webpages on sites themselves not updating, initial install of 1.52 on fresh centos 6.9 server did not create admin user, reinstall fixed that but crap just not working riggt.
 

DirectAdmin Support

Administrator
Staff member
Joined
Feb 27, 2003
Messages
8,923
We'd be happy to deal with them for you ;)
Create a ticket and we can check things out.
Not too sure about the css/firewall issue, if that's even related to the release, nor the webpage updates..
Either way, create a ticket, and give us info and we'll be happy to help.

John
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
4,221
Location
Maastricht
Not too sure about the css/firewall issue, if that's even related to the release, nor the webpage updates..
Doubt that too. Got several servers with Centos 6.9 all updated to DA 1.52 last night. No issues with webmail, webpages or CSF on any server. Everything is working flawlessly.
 

nmb

Verified User
Joined
Sep 13, 2008
Messages
204
After updated, I can no longer access webmail by using "domain.com/webmail". Got and error "500 Internal Server Error". (nginx_apache mode with PHP-FPM)

Access by "domain.com/roundcube" is ok.
Just updated Custombuild to build 1733 and ./build rewrite_confs . Now it works.
 

dmacleo

Verified User
Joined
Jun 21, 2012
Messages
635
was a simple fix. reinstall centos 6.9 :)
seems like I hit a mirror at just wrong time, deleting directadinfiles, val/lib/mysql, tweaking few others things fixed (so far my issues.
one thing I noticed is if I choose custom setup for custombuild it grabs mariadb 10.2.x which....for some reason...has lot of issues on clipbusket databases.
marty clued me in on a ticket and I will be filing github issue on clipbucket for this, looks to be unique identifier issue.
setting my.cnf to use myisam started working although i did (for reliability) have to lock mariadb to 10.1.28 version.
 

dmacleo

Verified User
Joined
Jun 21, 2012
Messages
635
Doubt that too. Got several servers with Centos 6.9 all updated to DA 1.52 last night. No issues with webmail, webpages or CSF on any server. Everything is working flawlessly.
his was fresh cent6.9 install and failed csf however the one time time I did the choose fastest mirror option this happened.
reloaded DA (w/o reloading system) and used defaults and csf works.
t
 

ditto

Verified User
Joined
Apr 27, 2009
Messages
2,464
was a simple fix. reinstall centos 6.9 :)
seems like I hit a mirror at just wrong time, deleting directadinfiles, val/lib/mysql, tweaking few others things fixed (so far my issues.
one thing I noticed is if I choose custom setup for custombuild it grabs mariadb 10.2.x which....for some reason...has lot of issues on clipbusket databases.
marty clued me in on a ticket and I will be filing github issue on clipbucket for this, looks to be unique identifier issue.
setting my.cnf to use myisam started working although i did (for reliability) have to lock mariadb to 10.1.28 version.
This is not the thread for MariaDB, but I want to let you know that in MariaDB 10.2.x strict mode is enabled as default, and my guess is that is causing some of your trouble. Try to disable strict mode. https://mariadb.com/kb/en/library/sql-mode/#strict-mode
 

dmacleo

Verified User
Joined
Jun 21, 2012
Messages
635
This is not the thread for MariaDB, but I want to let you know that in MariaDB 10.2.x strict mode is enabled as default, and my guess is that is causing some of your trouble. Try to disable strict mode. https://mariadb.com/kb/en/library/sql-mode/#strict-mode
actually did try that no help, this looks to be more a script issue but I need to check. problem is once I upgrade to 10.2 downgrading to 10.1 is a nightmare
 

dmacleo

Verified User
Joined
Jun 21, 2012
Messages
635
Yep I just read it, glad you figured it out!
marty helped a lot pointed out the unique identifier 10.2 uses and that (so far) has set me right.
lot was also caused by initial install never giving/generating the deafult password (and the setup.txt reflected this+ as well as the da_admin sql passwords
so....basically a cascading error at that point
 

Wanabo

Verified User
Joined
Jan 19, 2013
Messages
166
- Enable http2=1 in directadmin.conf
- Remove custom templates
- ./build rewrite_confs
Did just that but no http/2. What am I missing?
DA version 1.52.0
CentOS Linux release 7.4.1708 (Core)
OpenSSL 1.0.2k-fips 26 Jan 2017
Custom Build 2.0.0 (rev: 1733)

options.conf
#PHP Settings
php1_release=5.6
php1_mode=php-fpm
php2_release=7.0
php2_mode=php-fpm

#WEB Server Settings
webserver=nginx_apache

Edit: It seems ALPN is not supported.
 
Last edited:

Erulezz

Verified User
Joined
Sep 14, 2015
Messages
435
Location
Arnhem, NL
Did just that but no http/2. What am I missing?
DA version 1.52.0
CentOS Linux release 7.4.1708 (Core)
OpenSSL 1.0.2k-fips 26 Jan 2017
Custom Build 2.0.0 (rev: 1733)

options.conf
#PHP Settings
php1_release=5.6
php1_mode=php-fpm
php2_release=7.0
php2_mode=php-fpm

#WEB Server Settings
webserver=nginx_apache

Edit: It seems ALPN is not supported.
What is the output of: nginx -V ?
Is Nginx still build with OpenSSL 1.0.1e?
 

Wanabo

Verified User
Joined
Jan 19, 2013
Messages
166
What is the output of: nginx -V ?
Is Nginx still build with OpenSSL 1.0.1e?
nginx -V
nginx version: nginx/1.13.5
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access_log --error-log-path=/var/log/nginx/error_log --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_dav_module --with-http_v2_module --with-cc-opt=''-D FD_SETSIZE=32768''

How can I check "Is Nginx still build with OpenSSL 1.0.1e?"
openssl version outputs: OpenSSL 1.0.2k-fips 26 Jan 2017

Edit: it seems indeed build with 1.0.1e
Should CB not take care of that?
Perhaps I should ./build nginx_apache? Or just ./build nginx?
 
Last edited:

Erulezz

Verified User
Joined
Sep 14, 2015
Messages
435
Location
Arnhem, NL
nginx -V
nginx version: nginx/1.13.5
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access_log --error-log-path=/var/log/nginx/error_log --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_dav_module --with-http_v2_module --with-cc-opt=''-D FD_SETSIZE=32768''

How can I check "Is Nginx still build with OpenSSL 1.0.1e?"
openssl version outputs: OpenSSL 1.0.2k-fips 26 Jan 2017

Edit: it seems indeed build with 1.0.1e
Should CB not take care of that?
I noticed it today with the Curl 7.56 update.. Before I checked the version with curl -V and it was showing the same as Nginx, build with 1.0.1e. After updating and compiling curl was showing 1.0.2k.. So I think you need to recompile everything after updating OpenSSL. After I did a ./build nginx Nginx was showing also 1.0.2k.
 
Top