DirectAdmin v1.63.5 has been released

fln

Administrator
Staff member
Joined
Aug 30, 2021
Messages
892
Hi everyone!

We are happy to announce the release of DirectAdmin v1.63.5.

This release includes a new ClamAV scan feature, native auto-update support, series of security fixes and a lot of smaller improvements.

Release Change log can can be found here:

DirectAdmin 1.63.5

The update should be automatically available for all installations subscribed to the current release channel.

We appreciate all the feedback on forums and issues reported in the ticketing system.

Thanks!
fln
 
Can we reduce the random waiting interval for Auto updates from one week to one day for instance?
 
@ikkeben, it is hard to justify the severity of security fixes without full disclosure. We recommend everyone to upgrade, this release is also available for legacy systems (CentOS 6 and FreeBSD). It is nothing critical like remote code execution or auth bypass 😄, but this release includes multiple smaller security fixes so they accumulate to rather important update.

@webcraft, initial release uses following random wait times, based on configured release channel:
  • stable, current - up to 1 week
  • beta - up to 1 day
  • alpha - up to 1 hour
We will update the defaults as needed in further releases, or make it configurable if we see a use case for that. Making it fully configurable might backfire if missconfigured, for example:
  • Making random wait much longer than an expected time between releases might lead to a situation where system is never upgraded.
  • Making random wait too small, might lead to network traffic or CPU spikes in big DCs, system unavailability in clustered systems or too little time to make post release hot-fixes.
Current defaults takes into consideration how often we expect to make releases in each release channel and how large is user base using particular release channel.
 
Last edited:
Commit SHA08bf01074962df68a2e433362ce2c589c22f878f
Latest Commit SHA31a591d7c77e2681fa224c4ec9ad341e3b127be1
Server Version1.63.5
Current Available Version1.63.5
Updating changes nothing, still see this as update, running 1.63.5 (Centos 6 ELS)
 
Last edited:
@Active8, thanks for report. To clarify build 08bf0... is a DirectAdmin 1.63.5 release for EOL distros (CentOS 6 to be precise). So your system is up to date. Release 31a59... is DirectAdmin 1.63.5 for non EOL distros.

Now the question is why an update is being reported.

Could you please show us the output of:
Code:
curl -k -s $(/usr/local/directadmin/directadmin root-auth-url)/api/version
?
 
curl -k -s $(/usr/local/directadmin/directadmin root-auth-url)/api/version
{"commit":"08bf01074962df68a2e433362ce2c589c22f878f","version":"1.63.5","buildDistro":"rhel6_amd64","detectedDistro":"rhel6_amd64","update":{"available":false,"availableChannels":["current","stable","beta","alpha"],"channel":"current","commit":"08bf01074962df68a2e433362ce2c589c22f878f","version":"1.63.5"},"uptime":36334611788645,"os":"rhel6_amd64"}
 
@Active8, Everything seems to be in order. No update availability reported, current build version matches latest available build version. I suspect this could be cause by old version of skin showing outdated info right after an upgrade. Refreshing licensing page should show that DA is up to date.
 
old version of skin showing
Nope , changed from Enhanced to Evolution but the "update" is stil there

NameCurrent VersionAvailable Version
DirectAdmin
1.63.5 build 08bf01074962df68a2e433362ce2c589c22f878f1.63.5 build 31a591d7c77e2681fa224c4ec9ad341e3b127be1
 
Thanks for clarifying. I see it is an issue with older skins (they are using legacy update information endpoint). For the time being please ignore this pending update. We will fix it in the next release.
 
Also I don't see the current active scan listed
Debian 11 fully updated
 
Hello senior,
Am notble to access directadmin via browser after i made an installation kindly help.
 
Am notble to access directadmin via browser after i made an installation kindly help.

If you need to hire an admin look in the consulting link
 
How does


relate to those of us there are on the stable channel - which is still 1.63.3?

Seems odd that "stable" would not get a security fix - especially a security fix that is "strongly recommended"
 
initial release uses following random wait times, based on configured release channel:
  • stable, current - up to 1 week
  • beta - up to 1 day
  • alpha - up to 1 hour
Has stable been forgotten about?

Am I the only person on the stable channel?

January 24 2022 to February 3 2022 is 10 days.

Perhaps whatever security vulnerability was fixed in 1.63.5 doesn't apply to 1.63.3 - but some acknowledgement of that would be nice.

Truth be told - I'd probably prefer to stay on slightly older and more stable versions. BUT, if the cost of that is a known security vulnerability then that changes the equation considerably.
 
We use current channel which is the default, it has 1.63.5. Is stable channel still on 1.63.3 with security vulnarabilities? That's a bit odd indeed.
 
My servers on stable are still 1.63.3.

Maybe my servers aren't picking up an available update like they should be? (I don't have auto updates enabled, but custombuild does not report a new version for DirectAdmin).

Maybe 1.63.3 isn't vulnerable to the security risk? Some acknowledgement of this would be nice (i.e. "security hole discovered in 1.63.4 has been fixed in 1.63.5")

I'm beginning to wonder what the point of having different distribution channels is if security vulnerabilities are not addressed across all channels.
 
Also kind of starting to wonder if I'm on invisible or something. Maybe Richard is the only one that can see me.

Maybe I'm the only person in the whole wide world that's using stable.

Lots of crickets...
 
Back
Top