A new Launchpad update has been pushed laying out groundwork for automatic updates to WordPress, Joomla!, Drupal, and Magento in the panel. The update system is built on Laravel Horizon and solves many issues with batching jobs, retrying failed jobs, and of simplifying notification that would have been a PITA to build from scratch.

Laravel Horizon early implementation

Auto-updates won’t go live until November, in the meanwhile here’s what happens:

  • No action: all detected web applications across all domains and subdomains will automatically update to the most recent version, unless that update fails.
  • Disable auto-updates: no auto-updates will be applied to the app you’ve configured this for. You’re on your own brave sailor.
  • Version lock: Major, minor (auto-update must be on) – restrict auto-updates to the current major or minor version, e.g. if major is set and app is 4.8.1 and both 4.9.0 and 4.8.2 are released, it will upgrade to 4.9.0. If minor is selected, app will upgrade to 4.8.2. If 4.9.1 is released with minor on, the app will not upgrade.

Changes can be made by selecting the application from Web > Web Apps and changing options. As of now it won’t peek into subdirectories, e.g. “debug.com/wp” for auto-updates, but that is subject to change in the future.

Auto-update indicator in Launchpad
New Web App options

Additional notable changes:

  • HTTP/1.0 support can now be enabled via Web > Web Apps. Select the hostname. Tick “Allow HTTP/1.0 connections”. This option works on hostnames and cannot be restricted to folders at this time.
  • CAA resource record support under DNS > DNS Manager. A CAA restricts which agencies can and cannot issue certificates for your domain for an added layer of security.
  • Bungled permissions? Reset an entire document root to original permissions + ownership via Web > Web Apps or use its corresponding API call, file_reset_path(). From there you can reapply permissions.

    Reset permissions in Web > Web Apps
  • Much improved Vacation interface. Use HTML, preview your vacation reply, customize salutations, and tweak duplicate responses. Prior to this change, vacation messages would send once per vacation period per email address. Now you can tweak how often this period resets while in vacation.

    Sample vacation interface
  • A new theme, Material, based off Google’s Material Design philosophy. Visit Account > Settings > Themes to get started.

    Material and Launchpad themes side-by-side comparison
  • Wanna tweak a theme? Custom themes are supported in Launchpad. Download the Bootstrap SDK to get started. Source maps are bundled with every theme. You can use Chrome’s Developer Tools to edit Sass in-browser and after mapping the workspace to your cloned repo, save those changes in the raw *.sass files.
  • Full DAV2 compliance. WebDisk will now work on MacOS, Linux, and Windows 10. Visit Files > WebDisk to use it. Unlike FTP, WebDisk allows the account administrator to manage files of secondary users and bypass discretionary access controls.

Changelog

  • NEW: Laravel Horizon integration for job management
  • NEW: [core] => override_js tunable, allow for custom JavaScript, see apnscp-bootstrap-jdk on github (config.ini)
  • NEW: allow/deny HTTP/1.0 requests (Web Apps)
  • NEW: limit bug reports in a request lifetime (Error Reporter)
  • NEW: config_path() helper, which more accurately reflects config/ directory (helpers)
  • NEW: HIDE_BUILTIN_RENDERER, hide renderer entirely. Used when another application takes control of look and feel (Page Renderer)
  • NEW: app_path() helper function
  • NEW: is_link() patchwork for ZTS bug (Util_PHP)
  • NEW: write(), reload()- force write or reload (without write) of preference data (Preferences)
  • NEW: tunable, [letsencrypt] -> verify_ip. Verify the hostname IP address matches the account IP address before performing ACME request. (letsencrypt)
  • NEW: CAA record support (DNS)
  • NEW: mute_stdin to force closure of stdin (Util_Process)
  • NEW: Opcenter WIP, refactored
  • NEW: Cardinal, lightweight global callback facility used with AddDomain/EditDomain/DeleteDomain
  • NEW: Enforce module conformance with Hookable contract
  • NEW: add support for loading JS asset named after theme in public/js/themes/ (Page Container)
  • NEW: Material theme, WIP
  • NEW: reject authentication attempts after a predefined threshold (Anvil)
  • NEW: conf(), shorthand wrapper to fetching profile config (Auth)
  • NEW: DAV Class 2, after… 10 years? Supports locks, props, and includes a nice web interface. All users except primary user are opted out (User > Manage Users to opt-in) (DAV)
  • NEW: DAV permission, include/exclude users from DAV
  • NEW: user themes. Visit https://github.com/apisnetworks.com/apnscp-bootstrap-sdk to get started (Settings)
  • NEW: pdo()- export a copy of the primary database connection as a PDO object (MySQL)
  • NEW: login side pane now optional (Login)
  • NEW: autoload_class_from_module(), decide on runtime whether to load surrogate or module based upon presence (afi)
  • NEW: first git release, revamped filesystem organization
  • FIX: $_SESSION[‘valid’] can be false on expiry, check for such case (Auth)
  • FIX: gethostbyname_r()- ??? avoid unpacking zero-byte trailing response (Gethost)
  • FIX: Bootstrap lint errors (Page Template)
  • FIX: App bar now fills the page without additional scroll
  • FIX: convert relative pathing to absolute location (scripts)
  • FIX: missing Magento yaml
  • FIX: TOADDR not parsed (Mailbot)
  • FIX: “file” type descriptor requires 2 parameters, filename + mode (Util::Process)
  • FIX: squelch warning when overwriting descriptor options if alias is same (Util::Process)
  • FIX: reap()- loop termination predicated on status rather than return value thus resulting in a stuck process in certain situations (apnscpd)
  • FIX: deleteZone()- rtrim() expects parameter 1 to be string, boolean given (DNS Manager)
  • FIX: old template format (.tpl) loaded on AJAX if new Blade format used (Page Container)
  • FIX: scan account config in raw mode thus allowing arbitrary markup that is acceptable in Ensim’s configuration parser to also be acceptable to PHP. Remove once backend kicked out (Util_Conf)
  • FIX: exception thrown on inaccessible .htaccess file (.htaccess Manager)
  • FIX: mkdir()- complex conditional never properly shortcircuits (Filesystem)
  • FIX: export both surrogate and base class methods (SOAP)
  • FIX: trim space after splitting tuplies (Util_Conf)
  • FIX: Object.keys(<object>) not <object>.keys() (DNS)
  • FIX: passing null as first formatted argument bypasses setting remaining arguments (Util_Process)
  • FIX: allow named arguments (Util_Process::Chroot)
  • FIX: yum-post, wrong loop condition caused by change in PostgreSQL::fetch_object() change (Yum Synchronizer)
  • FIX: certificates that have already expired are not updated (letsencrypt)
  • FIX: incorrect string comparison on site certificate enumeration (letsencrypt)
  • FIX: check location presence only if prompted (SSL Certificates)
  • FIX: only show grant options if database exists. Resolves situation in which DB is deleted and grant options still show. (MySQL Manager)
  • FIX: state when file does not exist returns array (File Manager)
  • FIX: trim trailing whitespace from platform declaration (helpers)
  • FIX: HTML markup (Billing History)
  • FIX: variables passed by ref (WebDav)
  • FIX: require locale information for CSR generation (SSL Certificates)
  • FIX: empty args skipped in at (Util_Process::Schedule)
  • FIX: Download and Extract always extracts to home directory (File Manager)
  • FIX: is_debug or verbosity > 0 fails to emit errors to backend (Error Reporter)
  • FIX: redirect to port 2083 if redirection occurs under SSL (Auth::Redirect)
  • FIX: in multi-server setups, multiple redirects to internal servers from proxy can result in IP getting erroneously blocked (Auth)
  • FIX: utoa/atou not defined (apnscp.js)
  • FIX: swapped menu layout extends beyond page boundary (Material)
  • FIX: fortify()- apply rwx to owner as well in situations where web server creates file (Webapps Support)
  • FIX: gravatar meta not cached (UCard)
  • FIX: return 403 if file_expose() fails due to insufficient permissions (Dav)
  • FIX: parameter callback overwritten by registered callbacks (Error Reporter)
  • FIX: permissions on apnscpd
  • FIX: ensure domainmap.tch is writeable when inserting initial domain record (Auth)
  • FIX: timeout not enforced on fopen/file_get_contents wrapper (Util::Browscap)
  • FIX: ensure ulimit return is integer (Util::Ulimit)
  • FIX: user_id/group_id not initialized on session reset (Login)
  • FIX: get_site_id_from_domain()- return null if no domain passed before querying table, useful when bootstrapping domainmap.tch from domainmap (Auth)
  • FIX: entry_domain, not login_domain (User Add)
  • FIX: shellinabox must be located in httpd.conf now
  • FIX: disabling unrecognized logins breaks login redirection (Login)
  • FIX: client_ip()- If X-Forwarded-For is set, ensure that [http] => trusted_forward is set in config.ini (Auth)
  • FIX: bring DAV back (WebDAV)
  • FIX: application.spec (Add User)
  • FIX: strongest supported hash is never selected (auth)
  • FIX: installing a 1-click on a global subdomain renders the site unreachable on certain application-specific redirects
  • FIX: mysql password identifier passed as “passwd”, not “password” on site creation (Sql)
  • FIX: load surrogate if present (Util::Account::Hooks)
  • FIX: add_mailbox()- user mailbox can be supplied in mixed-case resulting in breakage elsewhere (email)
  • FIX: permissions
  • FIX: only call uninstallPostHook() if admin user in enumeration list (Opcenter::Database)
  • FIX: reset database connection
  • FIX: ensure get_database_size() returns integer rather than implicit cast (sql)
  • FIX: convert newlines to BR (crm)
  • FIX: add_mysql_user()- query when authentication_string field must be present (sql)
  • FIX: only toggle SSH PAM if SSH enabled on account (user)
  • FIX: oddity, on helios directive(‘inline’) includes parentheses, only difference is ZTS in PHP (Blade)
  • FIX: trim certificate hostname before checking presence (SSL Certificates)
  • FIX: before enabling a disabled certificate, verify it matches the private key attached to the account. Believe this to be the root cause of some sites regenerating SSL in the panel to cause Apache to puke on reload (ssl)
  • FIX: constructors named after class deprecated (HTTP::Download)
  • FIX: catch Util_Browscap()->getBrowser() exceptions (HTML::Kit)
  • FIX: Update apnscpcore (SOAP)
  • FIX: update INCLUDE_PATH on hooks
  • FIX: wsdl path update
  • FIX: ensure second argument to addServer() is int when parsed from config.ini (Cache_Mproxy)
  • CHG: support git commits (changelogparser)
  • CHG: Blade insertion no longer required to be called “index”
  • CHG: apnscp API link (Template Config)
  • CHG: prefer redirect URL (mod_rewrite) over actual request when interpreting which application to serve
  • CHG: send()- accept array for headers (Mail)
  • CHG: upgrade Net::SMTP to 1.8.0
  • CHG: move view cache to storage/cache/views/
  • CHG: move Cache to Cache_Base to avoid conflict with Laravel facade
  • CHG: [domains] => notify tunable, dispatch a notification to appliance admin whenever domain is added (config.ini)
  • CHG: bump Laravel dependencies to 5.5 for Horizon
  • CHG: Web Apps rewrite. Convert template to Blade. Add autoupdate indicator, app options.
  • CHG: conditionally load Module_Skeleton provider. Early testing for Webhook implementation
  • CHG: alias apnscpFunctionInterceptor to a23r
  • CHG: make path missing more prominent (Addon Domains)
  • CHG: update API URL + add Beacon information (API Keys)
  • CHG: add nvm/rvm information (Package Manager)
  • CHG: alias a surrogate class to module if surrogate exists without module (apnscpFunctionInterceptor)
  • CHG: bins should not be committed
  • CHG: minor refactoring (Yum::Synchronizer)
  • CHG: ZE assert options (php.ini)
  • CHG: update theme to include ui-action-vacation, ui-action-user, ui-action-vacation-enable, ui-action-vacation-disable (CSS)
  • CHG: cleanup code (Opcenter::Database)
  • CHG: mysql ping logic, ping once on front-end (MySQL)
  • CHG: gracefully handle connection error on delete (Cache)
  • CHG: connect()- accept . or / as a file path (Cache)
  • CHG: use a longer temporary password (Transfer)
  • CHG: allow localhost connections without explicit redirect to SSL (httpd.conf)
  • CHG: all backend code now implements strict types
  • CHG: early init Blade on non-AJAX requests to allow access to supplemental methods in _render() prior to on_postback() hook (Page Container)
  • CHG: report() is a separate error code instead of 0xFFFF (Error Reporter)
  • CHG: handle_error() returns true if error is to be suppressed (Error Reporter)
  • CHG: override PHP memory limit iff memory limit is less than 256 MB
  • CHG: default reporting mode verbose (Error Reporter)
  • CHG: rename conf/ to config/ for consistency with Laravel
  • CHG: update Cardinal
  • CHG: replace Memcached with Redis
  • CHG: replace non-serializable implementation with a cacheable priority heap (Personality)
  • CHG: separate sql_* into mysql_* pgsql_* modules
  • CHG: update default config.ini settings
  • CHG: fetch_object(), strict return signature in line with mysqli::fetch_object() (PostgreSQL)
  • CHG: overwrite hostname on detection if hostname property set (Web Apps)
  • CHG: consistency, fetch_object() returns null on error or no further records (PostgreSQL)
  • CHG: update docroot to Template_Engine constant (Page Container)
  • CHG: gracefully report invalid postgresql queries (PostgreSQL)
  • CHG: when an entry is filtered, remove selection if set (DNS Manager, Addon Domains, Subdomains, Manage Mailboxes, Manage Users)
  • CHG: include locale only for CSR/self-signed certificates (SSL Certificates)
  • CHG: embedded terminal login uses # not @ in unpatched distribution (Terminal)
  • CHG: allow array-like iteration and access (Opcenter::Map)
  • CHG: detect()- support autodetection of *.[db,prefix,user]map ini files (Opcenter::Map)
  • CHG: ensure platform_version() returns a string for compliance with version_compare()
  • CHG: include /usr/share/pear in search path for PEAR/Exception.php (apnscpCore)
  • CHG: make helpers/ER accessible earlier in apnscp initialization (apnscpCore)
  • CHG: Horde uses /horde in its cookie path instead of / (Webmail)
  • CHG: cleanup layout (.htaccess Manager)
  • CHG: for sake of consistency, nested .ui-menu-category-apps should also have attribute aria-expanded on page load (Page Template)
  • CHG: active list group bg color in Launchpad theme (CSS)
  • CHG: increase padding for small mobile devices (CSS)
  • CHG: relax duplicate error filtering to exclude message, which may differ slightly when iterating an array (Error Reporter)
  • CHG: load OPCache, reduce tweak APCU cache (php.ini)
  • CHG: only fetch ucard when authenticated (UCard)
  • CHG: cache system status for 5 minutes instead of 3 (Login)
  • CHG: refactor, clean up code (Anvil)
  • CHG: successive calls to add_message_callback() preempt registered callbacks (Error Reporter)
  • CHG: migrate min attempts/limit/ttl to config.ini (Anvil)
  • CHG: add favicon.ico to prevent double-triggering anvil (DAV)
  • CHG: move lservice.php to lib/, remove .php from scripts that can execute directly with shebang
  • CHG: default fetch now 7 days, default retry now 4 hours (Util::Browscap)
  • CHG: get_site_id_from_domain()- **shim** query domainmap if domainmap.tch does not contain record, useful when a domain is freshly created and .tch is not populated yet. Note this will be removed once conversion is done (Auth)
  • CHG: cleanup login css
  • CHG: strip TokyoCabinet-specific storage parameters when querying database type (Opcenter::Map)
  • CHG: use TokyoCabinet for domain map (~40-60% performance improvement)
  • CHG: add_pgsql_user()- refactor create user to vendor-specific library. 9.6 drops “CREATEUSER” (sql)
  • CHG: info panel width (Settings)
  • CHG: refactor common filesystem path methods into trait (FilesystemPathTrait)
  • CHG: AUTO_AUTH, automatically attempt authentication (unless NO_AUTH is set) at end of initialization (Auth)
  • CHG: block repetitive DAV login attempts (Auth::DAV)
  • CHG: senseless optimization to init() once inited (afi)
  • CHG: when password changes, invalidate all other login instances of named user (auth)
  • CHG: autoload Auth module dependent upon surrogacy (Login)
  • CHG: use auth_crypt() to generate temporary password rather than password_hash(), which seems to pose some compatibility issues with shadow (Login)
  • CHG: always ensure reset_password wrapper has proper permissions (auth)
  • CHG: support hashes > 8 chars in SHA-512 paswords (Regex)
  • CHG: normalize_hostname()- default to active profile domain if “entry_domain” is not provided (web)
  • CHG: cron is now tunable ([cron] -> resolution)
  • CHG: better randomness for randomly generated MySQL passwords (Support::Sql)
  • CHG: ping before fetching db connection on backend (MySQL)
  • CHG: initialize()- ensure database handler is always primary database (MySQL)
  • CHG: expose add_zone to admin (dns)
  • CHG: aufs retired on Sol as well, reflect in migration (Transfer)
  • CHG: revert back to su, sudo yields “unable to initialize policy plugin” on Sol+ (Util_Process::Sudo)
  • CHG: MPM selection now provisional via -DPREFORK (httpd.conf)
  • CHG: sleep 0.5s between certificate requests (reissueAllCertificates)
  • CHG: truncate stack + arg count when fetching caller (Error Reporter)
  • CHG: Update SSL location
  • CHG: update lock path (Yum Synchronizer)
  • CHG: run_path() wrapper to extract app run location (helpers)
  • CHG: mask backtrace on fatal errors for publically facing components, e.g. don’t dump password on login fatal (Error Reporter)
  • CHG: move login to Blade
  • CHG: track master config.ini
  • CHG: partial refactor to Blade, drop locale requirements (SSL Certificates)
  • CHG: tickets now use common email template (crm)
  • REM: Urchin
  • REM: no reason to store password (Auth::User_Info)
  • REM: cleanup kb.hostineer.com reference
  • REM: getCertificateComponentData()- duplicate directory creation (Support::Letsencrypt)
Launchpad Update. IMPORTANT: Auto-updates coming soon!
Tagged on: