- NOTE: Ubuntu 16.04 (Xenial) is no longer supported as it has reached EOL (end-of-life) status.
- NOTE: Apache in “standalone” mode is no longer actively supported and has been removed from installer options. Nginx (Proxy) + Apache2 will remain supported.
- NOTE: Custom “quick installer apps” will not work anymore due to changes in how we handle quick installer apps. Minimal changes to the Quick installer apps are required! Please check https://github.com/hestiacp/hestia-quick-install for how to migrate!
- Introduced single sign-on support for phpMyAdmin.
- Introduced support for NGINX FastCGI cache.
- Introduced support for SMTP Relay / smarthosts (server-wide or per-domain).
- Introduced the ability to choose which webmail client to use per-domain (Roundcube or Rainloop).
- Added B2 Backup Support for Remote Backup Location – thanks @rez0n!
- Added template support for osTicket – thanks @madito!
- Packages for phpMyAdmin, Roundcube, and Rainloop will be pulled directly from their upstream source instead of APT for new installations.
- Added DNS records view to mail domains which provides DKIM, SPF, and other entries to use with an external provider.
- Added an upgrade script to provide in-place upgrades to php7.4 (or any other version).
- Added Drupal and Nextcloud quick installer support (Removed placeholder Joomla)
- Added a new optional theme “Vestia”
- Added a switch to disable the API, and limited API access to 127.0.0.1 only by default. For current installs, the option “allow-all” is set by default.
- After the first reboot, Hestia will make 1 attempt to request / generate a valid Let’s Encrypt certificate.
- Introduced multiple new security policies via WebUI.
- Allow users to edit Web / Proxy / DNS / Backend templates
- Allow users to edit account details
- Allow suspended users to log in with “read-only” access
- Allow users to view / delete user history
- Enforce subdomain ownership
- Limit access to admin account when other users have the role “Administrator” assigned to them.
- Prevent a user from logging in via the WebUI / limit access to the WebUI to certain IP addresses per user.
- Discourage creating websites under the “admin” account and redirect users to create new users.
- Added support for redirecting to www / non www domains (or custom) #427 / #1638
- Log failed login attempts
- Introduced support for ARM-based systems. Currently the packages are not available via APT!
- Force reboot of system after install
- Fixed an issue where user name was duplicated when editing FTP users. (#1411)
- Fixed an issue where the iptables service would appear to be in a stopped state when fail2ban is stopped. (#1374)
- Fixed an issue where the default language value was incorrectly set under Server Settings > Configure.
- Fixed an issue with the dark theme where available updates were incorrectly displayed.
- Fixed an issue where local and FTP backup files were not deleted when running
- Fixed an issue where IP addresses could not be deleted. (#1423)
- Fixed an issue where v-rebuild-user would incorrectly rebuild domain items in addition to user account configuration.
- Fixed an issue which caused a web domain’s custom document root value to be lost when restoring from backup.
- Fixed an issue which caused a NSPOSIXErrorDomain:100 error when using Safari/iOS (thanks @stsimb).
- Fixed an issue where exim ignored the configured mail quota limit.
- Fixed an issue where invalid character validation was performed when editing mail auto replies.
- Fixed an issue which caused Let’s Encrypt to fail when using the Moodle template (thanks @ArturoBlanco).
- Fixed an issue where the MySQL wait_timeout value was not saved due to wrong regexp attribute (thanks @guicapanema).
- Fixed an issue where nginx web statistics authorization file was placed in the wrong directory.
- Fixed several small issues that were reported when using PostgreSQL.
- Improved reliability of mail domains and webmail clients.
- Improved reliability of service restarts during upgrades.
- Improved compatibility with Blesta / WHMCS plugins.
- Improved API error handling routines – thanks @danielalexis!
- Improved backup performance through the use of multi-threading when creating archives using the
- Improved error handling when creating firewall rules.
- Improved handling of suspended users and domains to allow deletion without unsuspension.
- Improved dependencies over package control to install
- Improved SFTP connection handling to be case insensitive (thanks @lazzurs).
- Improved domain validation to prevent creating subdomains when the top-level domain belongs to another account (thanks @KuJoe and @sickcodes).
- Improved IDN domain handling to resolve issues with Let’s Encrypt SSL and mail domain services.
- Added private folder to openbasedir permissions for all main templates.
- Disabled changing the backup folder via the Web UI because it used a symbolic link instead of a mount, causing issues when restoring mail / user files.
- Fixed XSS vulnerability in v-add-sys-ip and user history log (thanks @numanturle).
- Fixed remote code execution vulnerability which could occur when deleting SSH keys (thanks @numanturle).
- Fixed vulnerability in v-update-sys-hestia (thanks @numanturle)
- Disabled the Update via WebUI due to timeout issues. Please update via apt update && apt upgrade in command line instead.
- Improved how quick install of web apps is handled and allow user-added apps to be maintained in list view.
- Fixed an issue where the API was enabled after an update of HestiaCP
- Fixed an issue where webmail didn’t work any more when the default PHP version got deleted. #1477
- Limit access when “demo” mode is enabled.
- Fixed an issue where limitations on aliases didn’t work properly
- Fixed an issue where “Exit to control panel” link got changed to “Logout” #1669
- Allow packages to be deleted when in use. Current users are changed to “Default” package.
- Fixed multiple bugs in v-restore-users
- Redesign statistics page
- Allow self signed certificates to be created with aliases.
- Fixed an issue where mail accounts were sorted incorrectly by size #1687
- Improve results of v-search-command #1703
- Merge CodeIgniter / Drupal templates.
- Prepare template for FastCGI support and improve security by allowing only .well-known for Let’s Encrypt requests
- Update Cloudflare IPs in nginx.conf
- Fixed an issue where emails were sent to nobody when the connection to the database failed #1765
- Fixed an issue where no notifications were sent on failure, and save the local backup if the remote backup failed.
- Fixed an issue where domains containing 2 dots in the top level domain could accidentally get removed #1763
- Fixed an issue where www could be created and, after deleting it, webmail doesn’t work anymore #1746
- Standardize headers for upgrade scripts
- Improved how we handle custom themes
- Refactored HTML / PHP code of the WebUI
The 1.4 Beta version has just been built and is available for download via:
Please download the package via:
```bash
wget https://apt.hestiacp.com/beta/hestia_1.4.0~beta_amd64.deb
dpkg -i hestia_1.4.0~beta_amd64.deb
```