https://www.webmin.com/changes.html
Version 1.990 (3rd March 2022)
+ Fixed two security bugs in the File Manager module that could be
exploited by less privileged Webmin users.
+ Added buttons to stop and start the Cron daemon.
+ Fail2ban rules are preserved when applying the IPtables configuration
file.
+ Added support for static routes when using Netplan for network
configuration.
+ Updated the Authentic Theme to the latest version.
+ Updated the UI in several modules to use the latest API and be more
consistent with the rest of Webmin.
Version 1.984 (26th December 2021)
+ Mostly a bugfix release for issues found in 1.983.
Version 1.983 (4th December 2021)
+ Bugfix release for issues found in 1.982.
Version 1.982 (26th November 2021)
+ Added support for HTTP2 in the Apache module.
+ Added an optional feature to re-format the Apache configuration file.
+ Several different contributed translation updates.
+ Added support for extracting archive files and directory uploads in the
File Manager.
+ Updated the Authentic Theme to the latest version.
+ Many many other small bugfixes and features.
Version 1.981 (28th August 2021)
+ Fixes a couple of minor bugs, including one that broke MySQL backups in
some cases.
Version 1.980 (22nd August 2021)
+ In the Webmin Configuration module, added an option on the
Authentication Options page to enable a password change API for use by
other programs.
+ Removed rarely-used code to check for Webmin module updates.
+ Improved discovery of PHP INI configuration files.
+ Added support for Rocky and Alma Linuxes.
+ Let's Encrypt renewals can use Virtualmin Cloud DNS providers, if
configured.
+ Various language updates from contributors.
+ Update the Authentic Theme to the latest release.
Version 1.979 (15th June 2021)
+ Added support for setting up two-factor authentication in Usermin.
+ Security fixes for un-trusted inputs in the Network Configuration
module.
+ Updated the Authentic Theme to the latest version.
+ Various bugfixes for issues found in version 1.974.
Version 1.974 (1st May 2021)
+ Bugfix release for various issues in 1.973.
Version 1.973 (7th March 2021)
+ Bugfix release for minor issues in 1.972.
Version 1.972 (1st March 2021)
+ Updated the CA cert used for Let's Encrypt again.
+ Updated the Authentic Theme to the latest version.
+ Added support for per-user preferences to the File Manager and other
modules.
Version 1.970 (6th January 2021)
+ Updated the CA cert used for Let's Encrypt.
+ Updated the Authentic Theme to the latest version.
+ Added limits on the number of concurrent connections per IP address and
IP network.
+ Fixed a security bug that affects Webmin when run on Windows.
+ Many French translation updates.
Version 1.962 (11th November 2020)
+ Bugfix release for 2FA issues.
(pkgsrc changes)
- Utilize common DISTINFO_FILE
- patches converted to SUBST. Make portable to version update
- (two distinfo files will be recovered again after this commit, sorry)
- PKGPATH variable does not hold the value yet in Makefile (right ?)
(upstream changes)
Version 1.955 (22nd August 2020)
More bugfixes, and an update to the theme.
Version 1.954 (2nd August 2020)
Minor bugfixes to 1.953
Version 1.953 (5th July 2020)
Added optional automatically generated translations for all
languages, and switched all encodings to UTF-8.
Updated the Authentic theme to the latest version.
Added support for Postfix SNI certificate maps.
Added Chrony support in the System Time module.
Added caching for LDAP and MySQL connections for Webmin users.
Removed several noisy messages from the error log.
Many many other small bugfixes and features.
(pkgsrc)
- sysutils/wbm-acl Added
- sysutils/wbm-proc Added
- sysutils/wbm-file deleted
- sysutils/wbm-cyrus-imapd converted 2.1 to 2.4
(upstream)
Version 1.941 (15th January 2019)
o Put back an updated version of the built-in Let's Encrypt client.
Version 1.940 (28th December 2019)
o Removed Webmin's built-in Let's Encrypt client, in favor of
recommending the official certbot command.
o Added support for creating "safe-mode" Webmin users who have access
only to modules and permissions that don't grant root access.
o Added support for CAA records in the BIND module.
o Postfix maps with more than 100 entries by default are now shown with a
search box.
o Updated the Authentic Theme to the latest version, which includes
numerous improvements to the file manager and overall UI.
Version 1.930 (17th August 2019)
o Fixed a security hole that allows remote exploits if the option to
change expired passwords is enabled. All users should upgrade
immediately to pick up this fix!
o Updated the Authentic Theme to the latest version.
Version 1.920 (6th July 2019)
o Updated the Authentic Theme to the latest version.
o Added an option to disable (comment out) hosts file entries.
o Added a monitor type to check if a bootup action is running or not.
o Translation updates for multiple languages.
Version 1.910 (9th May 2019)
o Updated the Authentic Theme to the latest version.
o More translation updates for multiple languages.
o The next run time of each cron job can be displayed by enabling a new
config option.
o Added a tab for managing APT and YUM repos to the Software Packages
module.
o Added support for file ownership and permission checks to the File or
Directory monitor.
Version 1.900 (19th November 2018)
o Updated the Authentic Theme to the latest version.
o Translation updates for multiple languages.
o When installing a package, the list of other dependencies that will be
also installed is displayed for confirmation.
o Wildcard SSL certs can now be requested via Let's Encrypt in DNS mode,
if the native client is installed.
o Announcements to all Webmin users can now be displayed on the System
Information page.
Version 1.890 (19th July 2018)
o Added support to the Network Configuration module for the Netplan
interface format used on Ubuntu 18 and above.
o Bulgarian, German and Catalan language translation updates.
o Theme updates to the file manager, high-contrast mode, Japanese,
German, Swedish and Albanian language updates, better date display and
more.
o Improved support for freezing and thawing dynamic zones and IPv6 zone
transfers in the BIND module.
o Scheduled funtions are now recorded in the Webmin Actions Log module.
o Improved detection of new Postfix versions.
o Email autoresponder option to prevent replies to forwarded email.
o OpenSuSE Leap, Debian 9 and Ubuntu 18 support.
Version 1.881 (16th March 2018)
o Bugfixes for the Cron module.
o Further updates to the Authentic theme.
Version 1.880 (4th March 2018)
o German, Catalan and Bulgarian translation updates.
o The newest version of the Authentic theme.
o Added a page for manually editing the MySQL config files, and
implemented support for config includes.
o Added a page for manually editing the allowed hosts config file.
o Added a config option to set a minimum interval between notifications
for each monitor in the System and Server Status module.
o Bugfixes for DNS validation for Let's Encrypt certificates.
Version 1.870 (8th December 2017)
o Major updates to the Authentic theme to speed up page loads and add
real-time system statistics.
o Greek, Bulgarian, Catalan and Russian translation updates and encoding
fixes.
o Severel fixes for Let's Encrypt SSL certificate requests.
o UI cleanups in the Majordomo module.
o UI unification in the IPv4 and IPv6 firewall modules.
o Numerous fixes for minor Perl error and warnings.
Version 1.860 (10th October 2017)
o Fixed an XSS vulnerability in the MySQL module (thanks to Munzir Taha).
o Fixed a security issue that could be exploited by using the Upload and
Download module to fetch an untrusted URL (thanks to Maor Shwartz)
o Updated to the latest version of the Authentic theme.
o More Majordomo module improvements, thanks to gnadelwartz.
o Fixed upstart vs systemd detection.
o German translation updates from Raymond Vetter, Albanian from Adalen
Vladi, and Catalan from Jaume Badiella.
o Let's Encrypt fixes when using DNS-based validation in a sub-domain.
Version 1.850 (28th June 2017)
o Fixed multi-hostname DNS registration and the display of error messages
in Let's Encrypt support.
o Numerous Majordomo module improvements, thanks to gnadelwartz.
o Added support for creating and editing port forwards in the FirewallD
module.
o Filesystems that have less than 1% free disk space are now shown on the
System Information page.
o Numerous bugfixes across multiple modules.
Version 1.840 (8th May 2017)
o Fixes for XSS security vulnerabilities
o Many updates to the Authentic theme.
o SSHFP record support in the BIND module.
o Thin provisioned LV support in the LVM module.
o SNI (per-domain-name) SSL certificate support in Webmin itself.
o DNS validation mode for Let's Encrypt certificates.
o Manual editor for Cron jobs.
o More German, Norwegian and Catalan translation updates.
--------------------------------------
---- Changes since 1.590 ----
The titles for existing clone modules can now be changed on the Module
Titles page.
---- Changes since 1.610 ----
- Added a page for viewing and running Webmin scheduled functions.
- Added a section to the Sending Email page to verify that the
configured mail server settings work.
---- Changes since 1.620 ----
Added a setting to the Web Server Options page to control if redirects
use just a path, or the full URL.
---- Changes since 1.640 ----
Actions on the Webmin Scheduled Functions page can now be clicked on
to change the time the function runs at.
---- Changes since 1.650 ----
Added an SSL option to use only ciphers with perfect forward secrecy.
Added support for two-factor authentication using Authy or Google Authenticator.
---- Changes since 1.660 ----
Updated the UI on several pages to use the standard Webmin library,
for a more consistent look.
---- Changes since 1.730 ----
Added an option to use an SSL connection when Webmin sends email, for
connecting to remote mail servers like Gmail that don't allow
unencrypted SMTP.
---- Changes since 1.770 ----
An SSL certificate can now be requested from Let's Encrypt using a new
tab on the SSL Encryption page.
---- Changes since 1.780 ----
Added an option for automatically renewing Let's Encrypt certificates.
If the Let's Encrypt client is not installed, Webmin will use its own
built-in client code to request a certificate.
---- Changes since 1.800 ----
Added an option to the logging page for sending Webmin action log
messages via email.
---- Changes since 1.810 ----
The Let's Encrypt key size can now be customized.
When Perfect Forward Secrecy ciphers are selected, the required DH
params file is now created and used by Webmin.
Problems found with existing digests:
Package memconf distfile memconf-2.16/memconf.gz
b6f4b736cac388dddc5070670351cf7262aba048 [recorded]
95748686a5ad8144232f4d4abc9bf052721a196f [calculated]
Problems found locating distfiles:
Package dc-tools: missing distfile dc-tools/abs0-dc-burn-netbsd-1.5-0-gae55ec9
Package ipw-firmware: missing distfile ipw2100-fw-1.2.tgz
Package iwi-firmware: missing distfile ipw2200-fw-2.3.tgz
Package nvnet: missing distfile nvnet-netbsd-src-20050620.tgz
Package syslog-ng: missing distfile syslog-ng-3.7.2.tar.gz
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
This version contains Unspecified Command Execution Vulnerability fix.
http://secunia.com/advisories/26885/
Changes since Webmin version 1.360
Webmin Users
Added the Password Restrictions page, for configuring password quality and
change time settings.
Re-designed the Edit User page to use the new Webmin UI library, and move
lesser-used fields into collapsible sections.
Webmin users can have a real name, which can be any text you like.
Apache Webserver
Available Apache modules are now fully automatically detected on all
operating systems, which does away with the Re-Configure Known Modules page.
Bacula Backup System
Removed the requirement for the /etc/bacula/bacula command to be installed,
if /etc/init.d/bacula-* scripts exist.
Added a field to the mount/un-mount page for entering an auto-loader slot
number.
BIND DNS Server
Added a button to the main page for adding a record with the same name and
value to multiple domains at once.
Perl Modules
The module is now available when running Webmin inside a Solaris zone, but
only if Perl is not shared with the global zone.
Dovecot IMAP/POP3 Server
Supported newer versions of Dovecot which use mail_location instead of
default_mail_env.
File Manager
Added a Module Config option to specify file extensions to treat as HTML,
rather than always using only .html and .htm.
Postfix Configuration
Added the new SMTP Authentication And Encryption page for setting SASL and
TLS related options.
Linux RAID
Added support for RAID 10 arrays when using MDADM.
Changed the main page to use a table for existing RAID arrays, rather than
icons.
Added a section for configuring RAID problem notification when using MDADM.
Shoreline Firewall
(Updates by Paul Gear <paul@gear.dyndns.org>.)
BUG: Corrected mis-handling of nested zones introduced in 1.350.
Removed debugging cruft added in 1.350.
Added support for end-of-line comments in zones, params, and shorewall.conf.
Added support for display of long zone names under the new zones format.
Added module option to disable display of long zone names in the rules file.
Usermin Configuration
Separated the Configure Module page into tabs, to make it clearer which
options are global and which are default user preferences.
Webmin Configuration
Added a field to the Advanced Options page to control the number of days
that files in /tmp/.webmin are kept before automatic deletion.
Changes since Webmin version 1.350
Apache Webserver
On Debian and Ubuntu systems, replaced the existing pages for selecting
Apache modules with one that that configures the /etc/apache2/mods-enabled
directory, for much simpler and more workable control over modules.
Scheduled Cron Jobs
Added a button on the Edit Job page for cloning an existing job.
Linux Firewall
Added a setup option to configure a firewall for a typical hosting server.
LDAP Users and Groups
UID and GID allocation is now done by querying the LDAP server for specific
IDs, rather than fetching a list of all users to find which ones are used.
This should be faster on large LDAP servers.
Network Configuration
Re-wrote Gentoo networking support code to work with 2006 and later versions.
PostgreSQL Database Server
Fixed a bug that prevented the 'valid until' date from being displayed for
existing users.
Disk Quotas
Added a Module Config option to show both hard and/or soft quota percentages.
SMART Drive Status
Added a Module Config option for extra smartctl command-line args,
like -d 3ware,0
Usermin Configuration
Added an option to the Authentication page to block users with too many
failed logins, as well as hosts.
Created the new Blocked Hosts and Users page to show blocks currently in
force, and allow them to be cleared.
Webmin Configuration
Added an option to the Authentication page to block users with too many
failed logins, as well as hosts.
Created the new Blocked Hosts and Users page to show blocks currently in
force, and allow them to be cleared.
Added an option to the Ports and Addresses page to control if Webmin
attempts to to reverse-resolve the connected-to IP address when issuing
redirects, such as from non-SSL to SSL mode.
Version 1.350 (1 June 2007)
* Fixed an XSS security bug in pam_login.cgi.
* Added plain-text mode and head section preservation to the File Manager HTML editor, and a field to select which user uploaded files are owned as.
* Added Postfix module configuration options for the start, stop and restart commands.
* Use the HTML output mode from the pgsql command in the PostgreSQL module, for more reliable data editing when DBI is not available.
* The Running Processes module now shows real and virtual memory on Solaris.
* Added Redhat Enterprise 5 support, and fixed SuSE 10 and Solaris-specific bugs
Fixed problem:
Radio button fields in many forms have the wrong name, causing virtual host
creation to fail and possible incorrect changes to the Apache config.
pkgsrc chages: use full distfile instead of non version indivisual module files.
Version 1.340 (8 April 2007)
* Change the default Blue Framed theme to match the style of www.webmin.com, and generally look nicer.
* User interface cleanups in various modules (Apache, Backup Config, Webmin Configuration and others), adding tabs to reduce the size of pages and converting code to use ui-lib.pl.
* The Perl Modules module can now fetch RPM or Deb packaged modules from YUM or APT, where available.
* Added easy fields for sending SMS messages in the System and Server Status module (for US carriers that have email to SMS gateways).
* Replace the old HTMLarea widget for HTML editing in the File Manager and Read User Mail modules with Xinha.
* Linux quotas are now set with the setquota command, which shows up nicely in the actions log.
* Optimizations to speed up getting the hostname and Postfix config settings.
* Improved YUM and Redhat Network support in the Software Packages module.
* View the detailed change log.
Version 1.330 (27 February 2007)
* If the underlying OS is upgraded after Webmin is installed, a message is displayed on the main page prompting you to fix it.
* Added a feature in the BIND module for updating an IP address in multiple zones at once.
* The File Manager now automatic detects HTML files and launches the correct editor.
* Improved the LDAP module's support for large databases.
* When there are too many tables or databases to display in the MySQL and PostgreSQL modules, a menu for selecting a specific table is shown instead.
* Added functions to ui-lib.pl for tabs and hidden table sections.
* Added support for comments to the Shorewall module, and improved logging
* The Webmin Actions Log module can now rollback selected files changed by an action, rather than all of them.
* View the detailed change log.
Version 1.320 (21 January 2007)
* Added the PHP Configuration module for managing php.ini.
* Changed the default theme for new installs to the Blue Framed theme.
* Improved handling of large file uploads so that they are no longer read into memory by Webmin webserver. Also added a progress bar window for tracking uploads.
* Added checkboxes for deleting multiple objects at once in several modules.
* Changed all rows of links (like Select all / Invert selection / Add something) to put | characters between them, to improve readability.
* Big improvements in Windows support in various modules and the Webmin core.
* Enhanced the System and Server Status module to allow monitoring of all hosts in a Webmin server group.
* View the detailed change log.
Version 1.310 (28 November 2006)
* Big improvements in Ubuntu support, including the Bootup and Shutdown module, mounting filesystems specified with the UUID syntax, and various default module config changes.
* Re-designed the Simple Blue theme to use frames.
* Added support for IPv6 addresses in modules where the underlying servers allow them.
* Supported HFS and FATX filesystems under Linux.
* MySQL backups can now be compressed with gzip or bzip2.
* Added file locking and logging to the Postfix module, and improved access control features.
* Added checkboxes and buttons for mass deletion in the Cron and DHCP modules.
* Added access control options for the Info window to the File Manager module, and a feature to allow extraction of ZIP files on the server.
* View the detailed change log.
Version 1.300 (15 September 2006)
* Fixed security holes that allow the source of Webmin programs to be viewed, and allow cross-site-scripting attacks.
* XML-RPC clients can now call Webmin API functions.
* On systems with no root password, users with sudo access can login to Webmin as root.
* Improved support for latest Debian and Fedora releases, including the new IPtables config system in Debian 3.1.
* The file manager can now extract tar.bz2 files, store a history of entered paths, and show the total size of a directory.
* The Filesystem Backup module can backup and restore TAR and dump files over FTP.
* MySQL server variables and connections can be viewed and changes.
* Table data can be sorted by clicking on headers in the MySQL and PostgreSQL modules.
* Improved support for PostgreSQL 8, including editing tables with no OID field.
* Sendmail and Postfix aliases and maps can have a comment associated with each entry.
* Squid 2.6 is now supported.
* View the detailed change log.
Version 1.290 (29 June 2006)
* Fixed a security hole that would allow a remote attacker to view any file on the system.
* Added the LDAP Client module, for setting up a Linux system to get users and groups from an LDAP server.
* Added support for sending email when a group is over quota to the Disk Quotas module.
* Several other small fixes for bugs found since 1.280.
* View the detailed change log.
Version 1.280 (16 June 2006)
* Added the Simple Blue theme, a less graphics-heavy design which may eventually become the default. This theme takes advantage of changes in many modules to use highlighting on table rows.
* Updated the Apache module to support version 2.2.0.
* Updated the various operating-specific NFS server modules to support mass deletion of exports, and to internationalize those that were using hard-coded text strings.
* Updated various modules to allow deletion of multiple objects (such as table fields, Samba shares, PostgreSQL grants, Squid ACLs and so on) at once.
* Added configuration options to the Read User Mail module for the date format, pager arrow locations, timezone and separate message window mode.
* Updated the MySQL module to support views in MySQL version 5.
* Enhanced the System and Server Status module to allow the selection of multiple hosts for each monitor, added a monitor type for testing an SQL server, and updated the Network Traffic monitor to support FreeBSD.
* Fixed a security hole that allows remote viewing of any file on the system when Webmin is run on a Windows server.
* View the detailed change log.