michael/webmin
1
0
Fork 0
mirror of https://github.com/webmin/webmin.git synced 2026-02-12 18:12:05 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
Files
e083b2bcc00a8f647759ff06fc8f69f2680ceccd
webmin/CHANGELOG
Jamie Cameron ecce60b986 Give credit
2009-05-28 17:53:53 +00:00

120 lines
10 KiB
Plaintext
Raw Blame History

---- Changes since 1.140 ----
Fixed a security hole that allowed any user to view the configuration of any module, even those that they should not have access to.
Fixed a security hole that could allow an attacker to lock valid users by sending a bogus username or password.
---- Changes since 1.150 ----
Updated the setup.sh script to use MD5 password encryption by default, on systems where Perl supports it.
Fixed a security hole in the maketemp.pl script, used to create the /tmp/.webmin directory at install time. If an un-trusted user creates this directory before Webmin is installed, he could create in it a symbolic link pointing to a critical file on the system, which would be overwritten when Webmin writes to the link filename (CVE bug CAN-2004-0559).
When PAM is used for Unix authentication, expired passwords are now detected and the user is prompted to select a new password (if this feature is enabled on the Webmin Configuration module).
Make all functions in ui-lib.pl themable, allowing themes to have more detailed control over modules that make use of this library.
Updated all modules to call ui_print_header instead of calling header and printing <hr>, so that themes can avoid the <hr>. Also updated the MSC theme to do this.
---- Changes since 1.160 ----
Added support for Solaris 10.
Included several additional translations for various languages and modules.
Added support for config- files that allow a range of OS version numbers, and used this to reduce the number of standard config files.
---- Changes since 1.170 ----
When installing a module from the command line, by it will be granted to the same users who receive new modules when Webmin is upgraded. By default, this is root and admin.
Added basic support for multiple root directories, so that Webmin modules can be separated into core and third-party on the filesystem.
When installing or upgrading Webmin, password timeouts are now enabled by default. This protects against brute-force password guessing attacks.
---- Changes since 1.180 ----
All subheadings have been reduced in size when using the default MSC theme.
All modules now use a new API for writing to configuration files, which ensures that the file does not get written to or truncated if the system is out of disk space.
---- Changes since 1.200 ----
On Solaris systems that support RBAC, available modules and access rights can now be derived from RBAC for selected users. This can be enabled on a per-user or per-module basic in the Webmin Users module.
---- Changes since 1.210 ----
Added a new Global ACL control option to limit a user to read-only mode. This does not yet support all modules, but in those that are supported any changes the user makes will simply not take effect.
Restarting of Webmin is now much faster in some modules that do not need a full configuration reload, due to the addition of a function that justs tells miniserv.pl to re-read its config file.
---- Changes since 1.220 ----
Added basic support for running Webmin on Windows system with ActiveState Perl installed. The new setup.pl install script must be used, as the setup.sh shell script cannot run on Windows.
Fixed a bug that could allow a remote attack if the option to use full PAM conversations is enabled.
Improved the Webmin RPM to not lose the /etc/webmin directory when upgrading from an RPM by another vendor (like Mandrake or DAG).
---- Changes since 1.230 ----
Replaced all calls to the crypt() function with new code that will use the Crypt::UnixCrypt Perl modules on systems for with crypt() is broken.
---- Changes since 1.240 ----
Fixed a possible security hole caused by a bug in Perl.
---- Changes since 1.260 ----
Proxy settings made in the Webmin Configuration module are passed on to programs Webmin calls via the http_proxy and ftp_proxy environment variables.
Added automatically created UTF-8 translations for simplified and traditional Chinese.
---- Changes since 1.270 ----
Updated almost all modules that use tables to use the new ui_columns functions. This allows themes to do highlighting when a row is moved over or selected.
Added a new 'Simple Blue' theme, which uses fewer images and does table row highlighting.
Changed the way that Webmin log diff files are stored, so that they are categorized by action and not all in one huge directory.
---- Changes since 1.280 ----
Fixed security holes that allow remote read access to any file on the server for which the path is known.
---- Changes since 1.290 ----
SELinux security contexts are preserved on files safely modified by Webmin's write-and-rename code.
Added xmlrpc.cgi program, which provides an XML-RPC interface to all Webmin module functions.
Tested and improved support for Fedora 5.
---- Changes since 1.300 ----
Fixed the rare bug about renaming the .webmintmp file.
---- Changes since 1.310 ----
Module configuration files can now be named based on the real operating system types, such as config-Ubuntu-Linux, which would be used in preference to config-debian-linux.
When a large file is uploaded, it is no longer read into memory by miniserv.pl.
Update the code that fetches mirror sites from Sourceforge, to handle their new website design.
Changed the default theme for all installs to the new framed blue theme.
Updated all rows of links (like select all, invert selection, add something) above tables to use a separator between links.
Added caching for sudo capable user checks, to avoid excessive slow calls to sudo.
Fixed a memory leak when running under ActiveState Perl on Windows.
---- Changes since 1.320 ----
Fixed XSS bugs in chooser.cgi.
If the operating system is upgraded after Webmin is installed, a button is displayed on the main page to update Webmin's view of the current OS.
Improved the tabs API to add an option to put a box around the visible tab, and whitespace around tabs.
If listening on all specified IP addresses fails, Webmin will fall back to accepting connections on any address.
All Module Config pages are now generating using new ui-lib.pl code, for easier theming.
Added a global access control option to set the Unix user the file browser lists directories as.
---- Changes since 1.330 ----
Added more ui-lib.pl functions for hidden page sections.
Fixed another XSS bug in chooser.cgi.
The Webmin function to get the system's hostname now reads a file instead of calling the hostname comment, which is faster.
Added an ACL option to the file chooser for additional directories to allow access to.
Changed the way sizes are displayed, to use a format like 1.32 GB or 8 kB.
Removed letter images (used by the old theme), and forced the standard header function to always use text titles.
Added support for Slam64 Linux.
---- Changes since 1.340 ----
Added Redhat Enterprise release 5 support.
Requests to the /unauthenticated URL can never execute CGI programs, to provide an extra layer of security against URL escaping attacks.
Fixed XSS bugs in pam_login.cgi.
---- Changes since 1.370 ----
Hid the Jabber and Security Sentries modules by default, as the underlying software is no longer supported.
On Linux systems, sped up the function for finding processes so that it no longer has to launch 'ps' - instead, it reads /proc directly.
When read_file_lines is used to read a file, the Unix or Windows newlines will be preserved when it is written out.
---- Changes since 1.380 ----
Added a search box to the left frame of the blue theme, for finding modules, config options, help pages and text.
All images, CSS and other static content served by Webmin has an HTTP Expires for 1 week in the future, to improve cachability.
Lock files are automatically removed when the process creating them exits.
NetBSD 4.0 support.
Italian and Catalan translations contributed for many modules, thanks to Giovanni and Jaume Badiella.
Changed the error message that appears when Webmin detects a link from another web page, and removed the button to allow the link (which was unreliable anyway).
---- Changes since 1.390 ----
Links from unknown referers are now blocked by default, to prevent XSS attacks. This may break browsers that don't supply a Referer: HTTP header.
---- Changes since 1.400 ----
Big Czech translation updates, thanks to Petr Vanek and the Czech translation team.
All popups in Webmin are now XSS-safe, and thus do not need protection from unknown referers which prevented them from working in some browsers.
All Webmin session IDs are now stored MD5 hashed, to prevent sessions from being captured if the sessiondb DBM is somehow read by an attacker.
Many Dutch updates, thanks to Gandyman.
MD5 encryption for Webmin and Unix passwords can be used on systems that have either the MD5 or Digest::MD5 perl module, or support it in the crypt() function.
---- Changes since 1.410 ----
Many Korean updates, thanks to JoungKyun Kim.
More Dutch updates, thanks to Gandyman.
Added a debugging log file, which records all files read and written, commands run and more. This can be enabled in the Webmin Configuration module.
---- Changes since 1.420 ----
Many Greek translation updates, thanks to Vagelis Koutsomitros.
Catalan translation updates by Jaume Badiella.
Many Dutch translation contributions by Gandyman.
---- Changes since 1.430 ----
A large Croatian translation update, thanks to Domagoj Bikic.
When a user whose password is close to expiry or has already expired logs in, a warning will be displayed on Webmin's first page.
Many Japanese translation updates, thanks to Kazuya Masuda.
---- Changes since 1.440 ----
Russian translation updates, thanks to Anton Statutov.
Webmin's serialization functions can now handle objects, which allows them to be passed as parameters to remote function calls. Both caller and recipient must have the object's class installed though.
Converted commands in the core web-lib-funcs.pl API file to POD format, and added more details about each function.
---- Changes since 1.450 ----
Added a language option for UK english, and converted words in the default Webmin language to US english.
Major Dutch translation updates, thanks to Gandyman.
Catalan translation updates by Jaume Badiella.
Converted all core modules to use the new WebminCore perl module instead of web-lib.pl. This significantly improves memory use and load time in code that uses functions from multiple modules, asssuming they have all been converted.
---- Changes since 1.470 ----
Catalan translation updates by Jaume Badiella.
Added an UTF-8 encoding of the Russian translation, thanks to shavlukov@gmail.com.
French translation updates by ButterflyOfFire.
Reference in New Issue View Git Blame Copy Permalink