i-MSCP 1.3.9 RELEASED

Dear community,

We are pleasure to announce the immediate availability of i-MSCP version 1.3.9 which is a maintenance release for the 1.3.x Serie.

This new version addresses the following issues:

BACKEND

• Fixed: Prevent replacement of Apache2 variables in vhost files (iMSCP::TemplateParser)
• Fixed: Wrong substitution for deleted mount points (iMSCP::Mount)

FRONTEND

• Added: iMSCP_Authentication_AuthEvent class (Represent authentication event passed-in to listeners)
• Added: `onSharedScriptStart' and `onSharedScriptEnd' events
• Added: Static info in custom DNS management interface explaining rules for substitution with $ORIGIN (Custom DNS)
• Added: Support for DNS NS resource record - only allowed for subzone delegation (Custom DNS)
• Changed: Authentication service class now expects an authentication result object pulled from authentication event
• Changed: FTP chooser script (ftp_choose_dir.php) is now a shared script (previously, it was a client script)
• Fixed: A backend request must be triggered when a customer password is being updated by the administrator (Admin level)
• Fixed: Authentication data (htuser(s)/htgroup(s)) must remain selected upon errors (Protected area form)
• Fixed: Could not install a new software instance due to a bad check on installation path (Software installer)
• Fixed: Default (credentials) authentication handler must not stop propagation of authentication event on failure
• Fixed: Favicon not loaded in some browsers, specially MSIE
• Fixed: Installation of a new software instance on forwarded domains must be prohibited (Software installer)
• Fixed: Installation of a new software instance outside of the document root must be prohibited (Software installer)
• Fixed: MCRYPT extension is being deprecated in PHP 7.1.x and will be removed in PHP 7.2.x (replaced by openssl)
• Fixed: Missing check on FTP user owner while editing (Ftp user edit form - Security flaw)
• Fixed: Missing check on Htuser(s)/Htgroup(s) owner while editing (Protected area form - Security flaw)
• Fixed: Password hash is not updated on customer password change (Reseller level)
• Fixed: Reseller cannot edit DocumentRoot of domain aliases (Reseller alias edit form)
• Fixed: Several layout issues in admin/software_rights.tpl (Software installer)
• Fixed: Several layout issues in client/software_view.tpl (Software installer)
• Fixed: Wrong SQL query leading to an exception (Software installer)
• Removed: decryptBlowfishCbcPassword() function (replaced by \iMSCP\Crypt library)

INSTALLER

• Fixed: Default timezone badly detected - DateTime::TimeZone object isn't stringifiable

LISTENERS

• Added: 40_apache2_security_headers.pl listener file for Apache2 security headers - https://securityheaders.io
• Fixed: 10_proftpd_tuning.pl listener file is broken

MODULES

• Renamed: Modules::Htusers package to Modules::Htpasswd package

PLUGINS

• Fixed: Don't load unused data from plugin table (iMSCP_Plugin_Manager)
• Updated: API version to 1.0.7 (due to changes made in Authentication service class)

SCRIPTS

• Fixed: Hide DEBUG messages from the imscp-dpkg-post-invoke.pl script when running APT
• Fixed: Missing `--debug' command line option in several scripts

SECURITY

• Changed: Usage of AES-256 (Rijndael) algorithm to encrypt data in place of the Blowfish algorithm (see the errata)

SERVERS

• Fixed: Several issues with ProxyErrorOverride directive. See https://i-mscp.net/index.php/Thread/15502

UPGRADE

• Dropped: Upgrade support for i-MSCP versions older than 1.1.0 (See the errata)

YOUTRACK

• #IP-1639 When editing a hosting plan, some PHP INI values are not always those that were set while creation
• #IP-1640 When editing reseller properties, customers's PHP INI values are updated with incorrect values
• #IP-1665 Allow underscore in CNAME-record
• #IP-1666 Could not dump domain.tld when two DNS entries have same name
• #IP-1667 ITK httpd server implementation - Variables not replaced in vhost template
• #IP-1671 Backup script - literal error in sql query without visible or negative effect
• #IP-1672 DocumentRoot no longer editable for domains with shared mount point feature enabled
• #IP-1676 Input mask during installation when confirmation of password is wrong

DOWNLOAD
You can download this new version at:

• https://github.com/i-MSCP/imscp/releases/tag/1.3.9
• https://sourceforge.net/projects/i-mscp/

Thank you for choosing i-MSCP.