This version contains Unspecified Command Execution Vulnerability fix. http://secunia.com/advisories/26885/ Changes since Webmin version 1.360 Webmin Users Added the Password Restrictions page, for configuring password quality and change time settings. Re-designed the Edit User page to use the new Webmin UI library, and move lesser-used fields into collapsible sections. Webmin users can have a real name, which can be any text you like. Apache Webserver Available Apache modules are now fully automatically detected on all operating systems, which does away with the Re-Configure Known Modules page. Bacula Backup System Removed the requirement for the /etc/bacula/bacula command to be installed, if /etc/init.d/bacula-* scripts exist. Added a field to the mount/un-mount page for entering an auto-loader slot number. BIND DNS Server Added a button to the main page for adding a record with the same name and value to multiple domains at once. Perl Modules The module is now available when running Webmin inside a Solaris zone, but only if Perl is not shared with the global zone. Dovecot IMAP/POP3 Server Supported newer versions of Dovecot which use mail_location instead of default_mail_env. File Manager Added a Module Config option to specify file extensions to treat as HTML, rather than always using only .html and .htm. Postfix Configuration Added the new SMTP Authentication And Encryption page for setting SASL and TLS related options. Linux RAID Added support for RAID 10 arrays when using MDADM. Changed the main page to use a table for existing RAID arrays, rather than icons. Added a section for configuring RAID problem notification when using MDADM. Shoreline Firewall (Updates by Paul Gear <email@example.com>.) BUG: Corrected mis-handling of nested zones introduced in 1.350. Removed debugging cruft added in 1.350. Added support for end-of-line comments in zones, params, and shorewall.conf. Added support for display of long zone names under the new zones format. Added module option to disable display of long zone names in the rules file. Usermin Configuration Separated the Configure Module page into tabs, to make it clearer which options are global and which are default user preferences. Webmin Configuration Added a field to the Advanced Options page to control the number of days that files in /tmp/.webmin are kept before automatic deletion.
Changes since Webmin version 1.350 Apache Webserver On Debian and Ubuntu systems, replaced the existing pages for selecting Apache modules with one that that configures the /etc/apache2/mods-enabled directory, for much simpler and more workable control over modules. Scheduled Cron Jobs Added a button on the Edit Job page for cloning an existing job. Linux Firewall Added a setup option to configure a firewall for a typical hosting server. LDAP Users and Groups UID and GID allocation is now done by querying the LDAP server for specific IDs, rather than fetching a list of all users to find which ones are used. This should be faster on large LDAP servers. Network Configuration Re-wrote Gentoo networking support code to work with 2006 and later versions. PostgreSQL Database Server Fixed a bug that prevented the 'valid until' date from being displayed for existing users. Disk Quotas Added a Module Config option to show both hard and/or soft quota percentages. SMART Drive Status Added a Module Config option for extra smartctl command-line args, like -d 3ware,0 Usermin Configuration Added an option to the Authentication page to block users with too many failed logins, as well as hosts. Created the new Blocked Hosts and Users page to show blocks currently in force, and allow them to be cleared. Webmin Configuration Added an option to the Authentication page to block users with too many failed logins, as well as hosts. Created the new Blocked Hosts and Users page to show blocks currently in force, and allow them to be cleared. Added an option to the Ports and Addresses page to control if Webmin attempts to to reverse-resolve the connected-to IP address when issuing redirects, such as from non-SSL to SSL mode.
Version 1.350 (1 June 2007) * Fixed an XSS security bug in pam_login.cgi. * Added plain-text mode and head section preservation to the File Manager HTML editor, and a field to select which user uploaded files are owned as. * Added Postfix module configuration options for the start, stop and restart commands. * Use the HTML output mode from the pgsql command in the PostgreSQL module, for more reliable data editing when DBI is not available. * The Running Processes module now shows real and virtual memory on Solaris. * Added Redhat Enterprise 5 support, and fixed SuSE 10 and Solaris-specific bugs
pkgsrc chages: use full distfile instead of non version indivisual module files. Version 1.340 (8 April 2007) * Change the default Blue Framed theme to match the style of www.webmin.com, and generally look nicer. * User interface cleanups in various modules (Apache, Backup Config, Webmin Configuration and others), adding tabs to reduce the size of pages and converting code to use ui-lib.pl. * The Perl Modules module can now fetch RPM or Deb packaged modules from YUM or APT, where available. * Added easy fields for sending SMS messages in the System and Server Status module (for US carriers that have email to SMS gateways). * Replace the old HTMLarea widget for HTML editing in the File Manager and Read User Mail modules with Xinha. * Linux quotas are now set with the setquota command, which shows up nicely in the actions log. * Optimizations to speed up getting the hostname and Postfix config settings. * Improved YUM and Redhat Network support in the Software Packages module. * View the detailed change log. Version 1.330 (27 February 2007) * If the underlying OS is upgraded after Webmin is installed, a message is displayed on the main page prompting you to fix it. * Added a feature in the BIND module for updating an IP address in multiple zones at once. * The File Manager now automatic detects HTML files and launches the correct editor. * Improved the LDAP module's support for large databases. * When there are too many tables or databases to display in the MySQL and PostgreSQL modules, a menu for selecting a specific table is shown instead. * Added functions to ui-lib.pl for tabs and hidden table sections. * Added support for comments to the Shorewall module, and improved logging * The Webmin Actions Log module can now rollback selected files changed by an action, rather than all of them. * View the detailed change log. Version 1.320 (21 January 2007) * Added the PHP Configuration module for managing php.ini. * Changed the default theme for new installs to the Blue Framed theme. * Improved handling of large file uploads so that they are no longer read into memory by Webmin webserver. Also added a progress bar window for tracking uploads. * Added checkboxes for deleting multiple objects at once in several modules. * Changed all rows of links (like Select all / Invert selection / Add something) to put | characters between them, to improve readability. * Big improvements in Windows support in various modules and the Webmin core. * Enhanced the System and Server Status module to allow monitoring of all hosts in a Webmin server group. * View the detailed change log. Version 1.310 (28 November 2006) * Big improvements in Ubuntu support, including the Bootup and Shutdown module, mounting filesystems specified with the UUID syntax, and various default module config changes. * Re-designed the Simple Blue theme to use frames. * Added support for IPv6 addresses in modules where the underlying servers allow them. * Supported HFS and FATX filesystems under Linux. * MySQL backups can now be compressed with gzip or bzip2. * Added file locking and logging to the Postfix module, and improved access control features. * Added checkboxes and buttons for mass deletion in the Cron and DHCP modules. * Added access control options for the Info window to the File Manager module, and a feature to allow extraction of ZIP files on the server. * View the detailed change log. Version 1.300 (15 September 2006) * Fixed security holes that allow the source of Webmin programs to be viewed, and allow cross-site-scripting attacks. * XML-RPC clients can now call Webmin API functions. * On systems with no root password, users with sudo access can login to Webmin as root. * Improved support for latest Debian and Fedora releases, including the new IPtables config system in Debian 3.1. * The file manager can now extract tar.bz2 files, store a history of entered paths, and show the total size of a directory. * The Filesystem Backup module can backup and restore TAR and dump files over FTP. * MySQL server variables and connections can be viewed and changes. * Table data can be sorted by clicking on headers in the MySQL and PostgreSQL modules. * Improved support for PostgreSQL 8, including editing tables with no OID field. * Sendmail and Postfix aliases and maps can have a comment associated with each entry. * Squid 2.6 is now supported. * View the detailed change log. Version 1.290 (29 June 2006) * Fixed a security hole that would allow a remote attacker to view any file on the system. * Added the LDAP Client module, for setting up a Linux system to get users and groups from an LDAP server. * Added support for sending email when a group is over quota to the Disk Quotas module. * Several other small fixes for bugs found since 1.280. * View the detailed change log. Version 1.280 (16 June 2006) * Added the Simple Blue theme, a less graphics-heavy design which may eventually become the default. This theme takes advantage of changes in many modules to use highlighting on table rows. * Updated the Apache module to support version 2.2.0. * Updated the various operating-specific NFS server modules to support mass deletion of exports, and to internationalize those that were using hard-coded text strings. * Updated various modules to allow deletion of multiple objects (such as table fields, Samba shares, PostgreSQL grants, Squid ACLs and so on) at once. * Added configuration options to the Read User Mail module for the date format, pager arrow locations, timezone and separate message window mode. * Updated the MySQL module to support views in MySQL version 5. * Enhanced the System and Server Status module to allow the selection of multiple hosts for each monitor, added a monitor type for testing an SQL server, and updated the Network Traffic monitor to support FreeBSD. * Fixed a security hole that allows remote viewing of any file on the system when Webmin is run on a Windows server. * View the detailed change log.
…s-htpasswd. This is the standard "htaccess-htpasswd" Webmin module to create .htaccess and htpasswd files to protect web-acessible directories.