DirectAdmin v1.63.5 has been released

fln

Administrator
Staff member
Joined
Aug 30, 2021
Messages
226
Hi everyone!

We are happy to announce the release of DirectAdmin v1.63.5.

This release includes a new ClamAV scan feature, native auto-update support, series of security fixes and a lot of smaller improvements.

Release Change log can can be found here:

DirectAdmin 1.63.5

The update should be automatically available for all installations subscribed to the current release channel.

We appreciate all the feedback on forums and issues reported in the ticketing system.

Thanks!
fln
 

webcraft

Verified User
Joined
Dec 10, 2021
Messages
20
Can we reduce the random waiting interval for Auto updates from one week to one day for instance?
 

fln

Administrator
Staff member
Joined
Aug 30, 2021
Messages
226
@ikkeben, it is hard to justify the severity of security fixes without full disclosure. We recommend everyone to upgrade, this release is also available for legacy systems (CentOS 6 and FreeBSD). It is nothing critical like remote code execution or auth bypass 😄, but this release includes multiple smaller security fixes so they accumulate to rather important update.

@webcraft, initial release uses following random wait times, based on configured release channel:
  • stable, current - up to 1 week
  • beta - up to 1 day
  • alpha - up to 1 hour
We will update the defaults as needed in further releases, or make it configurable if we see a use case for that. Making it fully configurable might backfire if missconfigured, for example:
  • Making random wait much longer than an expected time between releases might lead to a situation where system is never upgraded.
  • Making random wait too small, might lead to network traffic or CPU spikes in big DCs, system unavailability in clustered systems or too little time to make post release hot-fixes.
Current defaults takes into consideration how often we expect to make releases in each release channel and how large is user base using particular release channel.
 
Last edited:

Active8

Verified User
Joined
Jul 13, 2013
Messages
1,092
Commit SHA08bf01074962df68a2e433362ce2c589c22f878f
Latest Commit SHA31a591d7c77e2681fa224c4ec9ad341e3b127be1
Server Version1.63.5
Current Available Version1.63.5
Updating changes nothing, still see this as update, running 1.63.5 (Centos 6 ELS)
 
Last edited:

fln

Administrator
Staff member
Joined
Aug 30, 2021
Messages
226
@Active8, thanks for report. To clarify build 08bf0... is a DirectAdmin 1.63.5 release for EOL distros (CentOS 6 to be precise). So your system is up to date. Release 31a59... is DirectAdmin 1.63.5 for non EOL distros.

Now the question is why an update is being reported.

Could you please show us the output of:
Code:
curl -k -s $(/usr/local/directadmin/directadmin root-auth-url)/api/version
?
 

Active8

Verified User
Joined
Jul 13, 2013
Messages
1,092
curl -k -s $(/usr/local/directadmin/directadmin root-auth-url)/api/version
{"commit":"08bf01074962df68a2e433362ce2c589c22f878f","version":"1.63.5","buildDistro":"rhel6_amd64","detectedDistro":"rhel6_amd64","update":{"available":false,"availableChannels":["current","stable","beta","alpha"],"channel":"current","commit":"08bf01074962df68a2e433362ce2c589c22f878f","version":"1.63.5"},"uptime":36334611788645,"os":"rhel6_amd64"}
 

fln

Administrator
Staff member
Joined
Aug 30, 2021
Messages
226
@Active8, Everything seems to be in order. No update availability reported, current build version matches latest available build version. I suspect this could be cause by old version of skin showing outdated info right after an upgrade. Refreshing licensing page should show that DA is up to date.
 

Active8

Verified User
Joined
Jul 13, 2013
Messages
1,092
old version of skin showing
Nope , changed from Enhanced to Evolution but the "update" is stil there

NameCurrent VersionAvailable Version
DirectAdmin
1.63.5 build 08bf01074962df68a2e433362ce2c589c22f878f1.63.5 build 31a591d7c77e2681fa224c4ec9ad341e3b127be1
 

fln

Administrator
Staff member
Joined
Aug 30, 2021
Messages
226
Thanks for clarifying. I see it is an issue with older skins (they are using legacy update information endpoint). For the time being please ignore this pending update. We will fix it in the next release.
 

mwashamba

New member
Joined
Jan 26, 2022
Messages
1
Hello senior,
Am notble to access directadmin via browser after i made an installation kindly help.
 

bdacus01

Verified User
Joined
Jul 22, 2017
Messages
3,698
Location
Murfreesboro
Am notble to access directadmin via browser after i made an installation kindly help.

If you need to hire an admin look in the consulting link
 

sparek

Verified User
Joined
Jun 27, 2019
Messages
254
initial release uses following random wait times, based on configured release channel:
  • stable, current - up to 1 week
  • beta - up to 1 day
  • alpha - up to 1 hour
Has stable been forgotten about?

Am I the only person on the stable channel?

January 24 2022 to February 3 2022 is 10 days.

Perhaps whatever security vulnerability was fixed in 1.63.5 doesn't apply to 1.63.3 - but some acknowledgement of that would be nice.

Truth be told - I'd probably prefer to stay on slightly older and more stable versions. BUT, if the cost of that is a known security vulnerability then that changes the equation considerably.
 

Richard G

Verified User
Joined
Jul 6, 2008
Messages
8,554
Location
Maastricht
We use current channel which is the default, it has 1.63.5. Is stable channel still on 1.63.3 with security vulnarabilities? That's a bit odd indeed.
 

sparek

Verified User
Joined
Jun 27, 2019
Messages
254
My servers on stable are still 1.63.3.

Maybe my servers aren't picking up an available update like they should be? (I don't have auto updates enabled, but custombuild does not report a new version for DirectAdmin).

Maybe 1.63.3 isn't vulnerable to the security risk? Some acknowledgement of this would be nice (i.e. "security hole discovered in 1.63.4 has been fixed in 1.63.5")

I'm beginning to wonder what the point of having different distribution channels is if security vulnerabilities are not addressed across all channels.
 

sparek

Verified User
Joined
Jun 27, 2019
Messages
254
Also kind of starting to wonder if I'm on invisible or something. Maybe Richard is the only one that can see me.

Maybe I'm the only person in the whole wide world that's using stable.

Lots of crickets...
 
Top