HestiaCP 1.4 Beta


  • NOTE: Ubuntu 16.04 (Xenial) is no longer supported as it has reached EOL (end-of-life) status.
  • NOTE: Apache in “standalone” mode is no longer actively supported and has been removed from installer options. Nginx (Proxy) + Apache2 will remain supported.
  • NOTE: Custom “quick installer apps” will not work anymore due to changes in how we handle quick installer apps. Minimal changes to the Quick installer apps are required! Please check https://github.com/hestiacp/hestia-quick-install for how to migrate!


  • Introduced single sign-on support for phpMyAdmin.
  • Introduced support for NGINX FastCGI cache.
  • Introduced support for SMTP Relay / smarthosts (server-wide or per-domain).
  • Introduced the ability to choose which webmail client to use per-domain (Roundcube or Rainloop).
  • Added B2 Backup Support for Remote Backup Location – thanks @rez0n!
  • Added template support for osTicket – thanks @madito!
  • Packages for phpMyAdmin, Roundcube, and Rainloop will be pulled directly from their upstream source instead of APT for new installations.
  • Added DNS records view to mail domains which provides DKIM, SPF, and other entries to use with an external provider.
  • Added an upgrade script to provide in-place upgrades to php7.4 (or any other version).
  • Added Drupal and Nextcloud quick installer support (Removed placeholder Joomla)
  • Added a new optional theme “Vestia”
  • Added a switch to disable the API and also limit the api by default to only. For current installs added the option “allow-all” on default
  • After first reboot of Hestia will try do 1 attempt to request / generate a valid Lets encrypt certificate
  • Introduced multiple new security policies via WebUI.
    • Allow users to edit Web / Proxy / DNS / Backend templates
    • Allow users to edit account details
    • Allow suspended users to login with “read-only” access
    • Allow users view / delete user history
    • Enforce sub domain ownership
    • Limit access to admin account when other users have the role “Administrator” assigned to them.
  • Disable user to login via WebUI / Limit access to WebUI to certain IP address per user.
  • Discourage websites to be created under “admin” account and redirect users to create new users.
  • Added support for redirecting to www / non www domains (or custom) #427 / #1638
  • Log failed login attempts
  • Introduced support for ARM based systems. Currently the packages are not available via ATP!
  • Force reboot of system after install


  • Fixed an issue where user name was duplicated when editing FTP users. (#1411)
  • Fixed an issue where the iptables service would appear to be in a stopped state when fail2ban is stopped. (#1374)
  • Fixed an issue where the default language value was incorrectly set under Server Settings > Configure.
  • Fixed an issue with the dark theme where available updates were incorrectly displayed.
  • Fixed an issue where local and FTP backup files were not deleted when running v-delete-user-backup. (#1421)
  • Fixed an issue where IP addresses could not be deleted. (#1423)
  • Fixed an issue where v-rebuild-user would incorrectly rebuild domain items in addition to user account configuration.
  • Fixed an issue which caused a web domain’s custom document root value to be lost when restoring from backup.
  • Fixed an issue which caused a NSPOSIXErrorDomain:100 error when using Safari/iOS (thanks @stsimb).
  • Fixed an issue where exim ignored the configured mail quota limit.
  • Fixed an issue where invalid character validation was performed when editing mail auto replies.
  • Fixed an issue which caused Let’s Encrypt to fail when using the Moodle template (thanks @ArturoBlanco).
  • Fixed an issue where the MySQL wait_timeout value was not saved due to wrong regexp attribute (thanks @guicapanema).
  • Fixed an issue where nginx web statistics authorization file was placed in the wrong directory.
  • Fixed several small issues that were reported when using PostgreSQL.
  • Improved reliability of mail domains and webmail clients.
  • Improved reliability of service restarts during upgrades.
  • Improved compatibility with Blesta / WHMCS plugins.
  • Improved API error handling routines – thanks @danielalexis!
  • Improved backup performance through the use of multi-threading when creating archives using the zstd compression type.
  • Improved error handling when creating firewall rules.
  • Improved handling of suspended users and domains to allow deletion without unsuspension.
  • Improved dependencies over package control to install lsb-release and zstd.
  • Improved SFTP connection handling to be case insensitive (thanks @lazzurs).
  • Improved domain validation to prevent creating subdomains when the top-level domain belongs to another account (thanks @KuJoe and @sickcodes).
  • Improved IDN domain handling to resolve issues with Let’s Encrypt SSL and mail domain services.
  • Added private folder to openbasedir permissions for all main templates.
  • Disabled changing backup folder via Web UI because it used symbolic link instead of mount causing issues with restore mail / user files.
  • Fixed XSS vulnerability in v-add-sys-ip and user history log (thanks @numanturle).
  • Fixed remote code execution vulnerability which could occur when deleting SSH keys (thanks @numanturle).
  • Fixed vulnerability in v-update-sys-hestia (thanks @numanturle)
  • Disabled the Update via WebUI due to timeout issues. Please update via apt update && apt upgrade in command line instead.
  • Improve how Quick install of web apps are handled and allow users added apps to be maintained in list view.
  • Fixed an issue where the api was enabled after an update of HestiaCP
  • Fixed an issue when the default php version got deleted webmail didn’t work any more. #1477
  • Limit access when “demo” mode is enabled.
  • Fixed an issue where limitations on aliases didn’t work propperly
  • Fixed an issue where “Exit to control pannel” link got changed to “Logout” #1669
  • Allow packages to be deleted when in use. Current users are changed to “Default” package.
  • Fixed multiple bugs with in v-restore-users
  • Redesign statics page
  • Allow self signed certificates to be created with aliases.
  • Fixed issue where mail accounts where sorting incorrectly by size #1687
  • Improve results v-search-command #1703
  • Merge Codeiginiter / Drupal templates.
  • Prepare template for FastCGI support an improve security by allowing only .well-known for Let’s encrypt requests
  • Update Cloudflare Ips in nginx.conf
  • Fixed an issue where emails where send to nobody when connection failed to database #1765
  • Fixed an issue where no notifications where send on failure and save local backup if remote backup failed.
  • Fixed an issue where domains containing 2 dots in the top level domain could accidentally got removed #1763
  • Fixed an issue where www could be created and after delete webmail doesn’t work anymore #1746
  • Standardize headers for upgrade scripts
  • Improved how we handle custom themes
  • Refactored HMTL / PHP code WebUI

1.4 Beta version has just been build and available for download via:

https://apt.hestiacp.com/beta/hestia_1.4.0~beta_amd64.deb 1

Please download the package via:

wget https://apt.hestiacp.com/beta/hestia_1.4.0~beta_amd64.deb
dpkg -i hestia_1.4.0~beta_amd64.deb
Posts created 37

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related Posts

Begin typing your search term above and press enter to search. Press ESC to cancel.

Back To Top