1.2.0 docs and blog posts

blog/2026/04-24-1.2.0-release.md

@@ -0,0 +1,107 @@
+---
+authors: [1day2die, mrweez, simba]
+tags: [releases]
+draft: false
+slug: 1.2.0-release
+---
+
+# CtrlPanel 1.2.0 is here!
+
+After nearly 10 months of development, we are ready to present version 1.2.0 as a stable release.
+
+We want to be transparent with our community: version 1.1 was released prematurely, and we are not proud of that. It shipped with too many rough edges and took far longer to stabilize than it should have. We heard your frustration, and we took it seriously.
+
+<!-- truncate -->
+
+With 1.2.0, we made a commitment to not repeat that mistake. This release went through a full beta testing phase before reaching stable, and we are confident it reflects the quality our users deserve.
+
+This update brings a large number of bug fixes, new features, and importantly, patches for several critical security vulnerabilities. We strongly urge every CtrlPanel user to upgrade as soon as possible. Do not wait for themes or addons to be updated first - running an outdated version puts both you and your clients at risk.
+
+## License Change
+
+Starting with this release, CtrlPanel moves from AGPL 3.0 to the **Mozilla Public License 2.0 (MPL 2.0)**.
+
+We'll be honest - we didn't fully think through the implications of AGPL 3.0 when we adopted it. As we looked closer, we realized it was placing an unreasonable burden on our community - particularly on users running the panel and developers building third-party addons. The license was doing more harm than good, and that was never our intention.
+
+MPL 2.0 is a more balanced license that still protects the project while giving the community the freedom it needs to grow.
+
+As for previous versions - we are not officially relicensing them, but we have no intention of taking any action against AGPL 3.0 non-compliance in older releases. That said, compliance with MPL 2.0 is required for this version and all future releases - no exceptions.
+
+A dedicated blog post covering all the details including what this means for addon and theme developers will be published tomorrow, April 25th.
+
+## Acknowledgements
+
+This release would not have been possible without the help of our contributors and beta testers.
+
+A special thank you to **Simba** and **FerksFK** for their contributions to the codebase, and to **Maddigan** for his invaluable work during beta testing - single-handedly tracking down the vast majority of bugs in this release.
+
+We also want to thank everyone who responsibly disclosed security vulnerabilities that are patched in this release. Your names will be added to the Hall of Fame in our SECURITY.md once the CVE details are publicly disclosed.
+
+Thank you to everyone else who contributed, reported issues, or helped test along the way. You are what keeps this project alive :heart:.
+
+---
+
+## What's Changed
+
+### Bug Fixes
+- Fixed credits being displayed as 1000x their actual value in parts of the UI and API responses
+- Fixed the OOM Killer checkbox not saving its value
+- Fixed HTTP 500 on the admin overview page when the `.git` directory is missing
+- Fixed "Log back in" being unavailable to admins after using "Login as User"
+- Fixed potential referral system abuse through account deletion - deleted referrals are now visible to admins
+- Fixed `php artisan route:cache` failing due to duplicate route names
+- Fixed mass user notifications failing if one email address was rejected by the mail server
+- Fixed server creation flow allowing credits to be deducted even when server creation failed
+- Fixed allocation limit applying globally instead of per-node, which blocked server creation on all nodes when only one reached its limit
+- Fixed multiple coupons created via range function having their value saved as 1000x less than intended
+- Fixed manual email confirmation not triggering events, which prevented users from receiving their referral and email confirmation rewards
+- Fixed coupon application unlocking the payment button without a selected payment gateway
+- Fixed 100% off coupons not allowing users to claim a product for free without selecting a payment gateway
+- Fixed admins being unable to delete coupons
+- Fixed referral commission calculation returning incorrect amounts
+- Fixed regular users being able to view coupon and voucher-related logs
+- Fixed payment confirmation email formatting
+- Fixed broken installation caused by a database column type mismatch
+
+### New Features & Improvements
+- Added support for coupons with unlimited uses
+- Added "Minimum product price" setting for coupons
+- Added option to automatically delete expired vouchers and those that have reached their usage limit
+- Added ability for users to change or remove an applied coupon at checkout
+- Coupons are now temporarily reserved during checkout and only marked as used after a successful payment
+- Added ticket deletion confirmation prompt
+- Added a notification 3 days before server suspension when the user has insufficient credits
+- Added rate limiting for server creation to prevent abuse from repeated rapid requests
+- Added optional reason field for server and user moderation actions via the API
+- Added Ukrainian localization; extended Russian localization
+- Added ability to change thousand and decimal separators - either globally or per user based on their locale
+- Admins can now select all eggs in a nest by clicking the nest name in the product configuration list
+- Products now accept `0` as a value for unlimited resources
+- Products in the upgrade/downgrade list are now sorted by price
+- Removed the global minimum-credits setting - each product now defines its own minimum-credits value
+- Removed "Generate random codes" from the coupon edit page
+- Reordered settings items for better readability
+- Fully reworked payment gateways - admins must now configure webhook tokens per gateway
+- Redesigned the version info card on the overview page
+- Installer step can now be reset by adding `?reset` to the URL, without needing DevTools or clearing site data
+- User creation command (`php artisan make:user`) now returns an error if the email or Pterodactyl ID is already in use
+
+### Fixed Vulnerabilities
+
+:::info
+
+**Vulnerability details will be disclosed two weeks after the release date**
+
+:::
+
+- CVE-2026-34234
+- CVE-2026-34358
+- CVE-2026-34246
+- CVE-2026-34216
+- CVE-2026-34241
+- CVE-2026-34233
+
+---
+
+This release also includes a number of internal bug fixes, performance improvements, and code refactors not listed above.  
+**Full Changelog**: https://github.com/Ctrlpanel-gg/panel/compare/1.1.1...1.2.0

blog/2026/04-25-understanding-mpl-2.0.md

@@ -0,0 +1,112 @@
+---
+authors: [1day2die, mrweez]
+tags: [guides]
+draft: true
+slug: understanding-mpl-2.0
+---
+
+# Understanding MPL 2.0 in the Context of CtrlPanel
+
+With the release of 1.2.0, CtrlPanel moves from AGPL 3.0 to the Mozilla Public License 2.0. This post covers what that means for everyone - users, addon and theme developers, and contributors.
+
+<!-- truncate -->
+
+## Why We're Making This Change
+
+When we adopted AGPL 3.0 back in the 1.0 release, we did not fully think through its implications. In practice, AGPL 3.0 turned out to be far more restrictive than we intended - addon and theme developers couldn't legally sell their work, and users couldn't customize the panel for their own needs without publishing their changes. That was never the goal, and it was quietly killing the community we were trying to build.
+
+MPL 2.0 fixes this. It keeps the project open and protected, while giving everyone the freedom they actually need.
+
+As part of this transition, we are also introducing a Contributor License Agreement (CLA) for all future pull requests. Contributors will be asked to sign it when opening a PR. This is part of a broader effort to give CtrlPanel a proper legal foundation - something we should have had from the start.
+
+:::tip
+
+Before reading further, we recommend taking a quick look at the [Mozilla Public License 2.0](https://www.mozilla.org/en-US/MPL/2.0/) itself - it is short, readable, and will make everything in this post much easier to follow and understand.
+
+:::
+
+---
+
+## For Users
+
+If you just run CtrlPanel to sell game servers to your customers, not much changes for you.
+
+- You can download, install, and run the panel freely
+- You can modify any files - change the UI, add features, integrate with your own systems
+- You can use the panel commercially
+- Your customers accessing the panel through a browser is not considered distribution - you have no obligations in that case
+- If you ever give or sell a copy of your modified panel to another person or company, you must provide the modified files - but since CtrlPanel is written in PHP, there is nothing extra to prepare. The source code is already what you are distributing.
+
+In short - run it, customize it, build a business on it. You're good.
+
+---
+
+## For Addon & Theme Developers
+
+This is where the biggest change is, and where MPL 2.0 makes things much more practical.
+
+### If your addon does not modify our core files
+
+This is the cleanest scenario. If your addon is a separate package or file that does not touch CtrlPanel's existing source files:
+
+- You can license it however you want, including proprietary
+- You can sell it on [market.ctrlpanel.gg](https://market.ctrlpanel.gg) or anywhere else, fully closed source
+- You have no MPL obligations whatsoever
+
+This is why we are actively thinking about a more modular extension system - so that addons never need to touch core files in the first place. More on that in the future.
+
+### If your addon modifies our core files
+
+If your work involves editing CtrlPanel's existing source files, MPL 2.0 still allows you to sell it - but with one important condition: the modified core files must remain under MPL 2.0, and you must provide them to anyone you distribute to - which, again, is nothing extra since PHP is already source code.
+
+This does not mean a public release. You are only required to provide source code to the people you directly sell or distribute to - not to the general public. You are not required to publish anything on GitHub or anywhere publicly accessible.
+
+However, keep in mind that once a recipient has that source code, they are legally allowed to share it further. MPL does not restrict what recipients can do with source code they legitimately received. If keeping your modifications private long-term is important to you, the safest approach is to avoid modifying core files and build your addon as a separate package instead.
+
+### Modular Extension System
+
+The safest way to keep your addon code fully closed is to never touch core files at all - and we want to make that possible for every type of addon.
+
+Currently, CtrlPanel has a modular system for payment gateways, and we are ready to expand it further. If you need an internal API or hook that does not exist yet, there are two ways to help make it happen:
+
+- **Open an issue** on GitHub describing what you need - we will consider it for an upcoming release
+- **Open a PR** that adds the implementation yourself - the fastest path to getting it in
+
+Either way, make sure to follow our contribution guidelines before getting started - see the relevant files in the `.github` directory of the repository.
+
+The more developers build addons the right way, the stronger and more sustainable the ecosystem becomes for everyone.
+
+### A note for theme developers
+
+We ask that you preserve the original CtrlPanel copyright notice in the panel footer. You are welcome to add your own copyright alongside it - just don't remove ours. This is both a license requirement and a matter of respect for the project and its contributors.
+
+---
+
+## For Those Looking to Fork
+
+MPL 2.0 allows anyone to take CtrlPanel's code, modify it, and redistribute it - including commercially. If you do, here is what the license requires:
+
+- Modified MPL-licensed files must remain under MPL 2.0
+- You must keep existing copyright notices intact
+- You cannot relicense the MPL-covered files as proprietary
+
+Building on open source is fine. Stripping it of its open source nature is not.
+
+---
+
+## Summary
+
+|                                            | AGPL 3.0 | MPL 2.0 |
+| ------------------------------------------ | -------- | ------- |
+| Run the panel commercially                 | Yes      | Yes     |
+| Customize without publishing changes       | No       | Yes\*   |
+| Sell closed-source addons (separate files) | No       | Yes     |
+| Sell addons that modify core files         | No       | Yes\*\* |
+| Fork and redistribute                      | Yes      | Yes     |
+
+\*As long as you don't distribute the code to others.  
+\*\*Modified core files must remain MPL 2.0 and source must be provided to recipients.
+
+---
+
+If you have questions about what this means for your specific use case, feel free to join our [Discord](https://discord.gg/ctrlpanel-gg-787829714483019826), we are happy to help. And if you want the full legal text, you can read the [Mozilla Public License 2.0](https://www.mozilla.org/en-US/MPL/2.0/) directly.

blog/authors.yml

@@ -0,0 +1,26 @@
+1day2die:
+  name: 1Day2Die
+  title: Project Manager
+  image_url: https://github.com/1Day2Die.png
+  page:
+    permalink: '/1day2die'
+  socials:
+    github: 1Day2Die
+
+mrweez:
+  name: MrWeez
+  title: Contribution Director & Maintainer
+  image_url: https://github.com/MrWeez.png
+  page: true
+  socials:
+    github: MrWeez
+    email: hello@mrweez.dev
+    website: https://mrweez.dev
+
+simba:
+  name: Simba
+  title: Maintainer
+  image_url: https://github.com/simbabimba-dev.png
+  page: true
+  socials:
+    github: simbabimba-dev

blog/tags.yml

@@ -0,0 +1,8 @@
+releases:
+  label: 'Releases'
+
+announcements:
+  label: 'Announcements'
+
+guides:
+  label: 'Guides'

docusaurus.config.js

@@ -10,7 +10,11 @@ module.exports = {
   url: "https://ctrlpanel.gg",
   baseUrl: "/",
   onBrokenLinks: "throw",
-  onBrokenMarkdownLinks: "warn",
+  markdown: {
+    hooks: {
+      onBrokenMarkdownLinks: "warn",
+    }
+  },
   favicon: "img/controlpanel.ico",
   organizationName: "CtrlPanel-gg", // Usually your GitHub org/user name.
   projectName: "docs", // Usually your repo name.
@@ -29,6 +33,11 @@ module.exports = {
           position: "left",
           label: "Documentation",
         },
+        {
+          to: 'blog',
+          label: 'Blog',
+          position: 'left'
+        },
         {
           href: "https://market.ctrlpanel.gg",
           label: "Theme / Extension Hub",
@@ -106,18 +115,15 @@ module.exports = {
       {
         docs: {
           includeCurrentVersion: false,
-          lastVersion: "1.1.x",
+          lastVersion: "1.2.x",
           versions: {
-            'beta': {
-              label: '1.2.x (Public Beta)',
-              path: 'beta',
-              banner: 'none',
-            },
-            // '1.2.x': {
-            //   label: '1.2.x (Upcoming release)',
+            // 'beta': {
+            //   label: '1.2.x (Public Beta)',
+            //   path: 'beta',
+            //   banner: 'none',
             // },
-            '1.1.x': {
-              label: '1.1.x (Latest)',
+            '1.2.x': {
+              label: '1.2.x (Latest)',
             },
             'archive': {
               label: 'Archive',

package.json

@@ -14,9 +14,9 @@
     "write-heading-ids": "docusaurus write-heading-ids"
   },
   "dependencies": {
-    "@docusaurus/core": "^3.8.1",
-    "@docusaurus/plugin-client-redirects": "^3.8.1",
-    "@docusaurus/preset-classic": "^3.8.1",
+    "@docusaurus/core": "^3.10.0",
+    "@docusaurus/plugin-client-redirects": "^3.10.0",
+    "@docusaurus/preset-classic": "^3.10.0",
     "@mdx-js/react": "^3.0.0",
     "@svgr/webpack": "^5.5.0",
     "clsx": "^1.1.1",

versioned_docs/version-1.1.x/updating/from-0.9.x.mdx

@@ -11,7 +11,7 @@ If you update from 0.8.x, please follow our 0.9.0 update guide which can be foun
 :::
 
 :::danger
-Always backup your database and any code changes before updating! It's better to not need them, than to lose everything when you do. We've explained how to do that [here](/docs/guides/backup).
+Always backup your database and any code changes before updating! It's better to not need them, than to lose everything when you do. We've explained how to do that [here](/docs/1.1.x/guides/backup).
 
 Without a backup, you won't be able to roll back without losing all your data.
 :::

versioned_docs/version-1.1.x/updating/from-1.0.x.mdx

@@ -7,11 +7,11 @@ sidebar_position: 2
 :::caution
 This guide is for updates 1.0.x -> 1.1.x
 
-If you want to upgrade from version 1.1.x to 1.1.x, please follow [1.1.x](/docs/updating/from-1.1.x) update guide.  
+If you want to upgrade from version 1.1.x to 1.1.x, please follow [1.1.x](/docs/1.1.x/updating/from-1.1.x) update guide.  
 :::
 
 :::danger
-Always backup your database and any code changes before updating! It's better to not need them, than to lose everything when you do. We've explained how to do that [here](/docs/guides/backup).
+Always backup your database and any code changes before updating! It's better to not need them, than to lose everything when you do. We've explained how to do that [here](/docs/1.1.x/guides/backup).
 
 Without a backup, you won't be able to roll back without losing all your data.
 :::

versioned_docs/version-1.1.x/updating/from-1.1.x.mdx

@@ -7,12 +7,12 @@ sidebar_position: 1
 :::caution
 This guide is for updates 1.1.x -> 1.1.x
 
-If you want to upgrade from version 1.0.x to 1.1.x, please follow [1.0.x](/docs/updating/from-1.0.x) update guide.  
-If you want to upgrade from version 0.9.x to 1.1.x, please follow [0.9.x to 1.0.1](/docs/updating/from-0.9.x) update guide first and then [from 1.0.x](https://hsvs0l68-3000.euw.devtunnels.ms/docs/updating/from-1.0.x) one.
+If you want to upgrade from version 1.0.x to 1.1.x, please follow [1.0.x](/docs/1.1.x/updating/from-1.0.x) update guide.  
+If you want to upgrade from version 0.9.x to 1.1.x, please follow [0.9.x to 1.0.1](/docs/1.1.x/updating/from-0.9.x) update guide first and then [from 1.0.x](/docs/1.1.x/updating/from-1.0.x) one.
 :::
 
 :::danger
-Always backup your database and any code changes before updating! It's better to not need them, than to lose everything when you do. We've explained how to do that [here](/docs/guides/backup).
+Always backup your database and any code changes before updating! It's better to not need them, than to lose everything when you do. We've explained how to do that [here](/docs/1.1.x/guides/backup).
 
 Without a backup, you won't be able to roll back without losing all your data.
 :::

versioned_docs/version-1.2.x/contributing/translating.mdx

@@ -5,5 +5,5 @@ sidebar_position: 3
 # Translating
 
 :::warning
-We are currently planning a complete refactor and improvement of the translation system, which will be released with version 1.2.0. Because of this, this section is not in use for now.
+We are currently planning a complete refactor and improvement of the translation system. Because of this, this section is not in use for now.
 :::

versioned_docs/version-1.2.x/development/install.mdx

@@ -5,5 +5,5 @@ sidebar_position: 1
 # Installing development version
 
 :::info
-Version 1.2.0 is in early development, and there are no changes compared to the [standard installation](/docs/getting-started/install) process. You can simply follow the regular installation guide, just clone the `development` branch instead of `main`.
+Next version is in early development, and there are no changes compared to the [standard installation](/docs/getting-started/install) process. You can simply follow the regular installation guide, just clone the `development` branch instead of `main`.
 :::