Virtualmin virtual-server 3.74, virtual-server-theme 7.5, and security-updates 3.7

9 posts / 0 new
Last post
#1 Thu, 10/22/2009 - 00:59
Joe
Joe's picture

Virtualmin virtual-server 3.74, virtual-server-theme 7.5, and security-updates 3.7

Howdy all,

I've just rolled out Virtualmin virtual-server module version 3.74, as well as the Virtualmin Framed Theme virtual-server-theme module 7.5 and the Virtualmin Security Updates security-updates module version 3.7.

Changes in Virtualmin since 3.73:

  • Updated the Horde Passwd script installer to h3-3.1.1, PHPCoin to 1.6.5, OpenGoo to 1.5.3, LimeSurvey to 1.85plus-build7561-20090902, TextPattern to 4.2.0, CMS Made Simple to 1.6.6, phpMyFAQ to 2.0.17, TWiki to 4.3.2, Rails to 2.3.4, Radiant to 0.8.1, MoinMoin to 1.8.5, SugarCRM to 5.2.0j, Bugzilla to 3.4.2, phpMyAdmin to 3.2.2, Roundcube to 0.3-stable, Redmine to 0.8.5, Drupal to 6.14 and 5.20, Nucleus to 3.50, Magento to 1.3.2.4, Typo3 to 4.2.9, Movable Type to 4.32, TikiWiki to 3.2, Simple Invoices to 2009.1, and Plans to 8.1.3.
  • Updated Horde to version 3.3.4, and all sub-applications to their latest versions.
  • Added a script installer for the eXtplorer AJAX file manager, version 2.0.1.
  • If Postfix relay domains are stored in a hash, update it instead of adding to relay_domains in /etc/postfix/main.cf.
  • Additional allowed MySQL client hosts are now included in backups.
  • Added a warning to the configuration check for systems behind a NAT gateway with an incorrectly configured DNS IP address.
  • Added options to the Module Config page for selecting which columns appear on the List Virtual Servers page, including new ones like the reseller, email address and extra admins.
  • The contents of mailboxes from Windows Plesk backups are now properly migrated.
  • Updated the French translation, thanks to Houssin Regis.
  • Added the modify-php-ini API command to update PHP variables in one or more virtual servers at once.
  • Added validation to prevent SSL from being enabled on a virtual server with an invalid certificate or key.
  • Resellers can be denied access to plans using the Edit Reseller page, or via the modify-reseller API call.
  • Extra administrators can now change their own passwords, via a new link on the left menu.
  • Added a DNS template option to control which A records are added to new domains.
  • Fixed a bug that prevented paths in php.ini from being updated when a domain is renamed or moved.
  • Added a button on the Edit Reseller page to clone his settings for a new reseller.
  • Removed the 'Bring up virtual interfaces?' module configuration option, as use of an existing interface can now be done on a per-domain basis.

virtual-server-theme and security-updates are cosmetic bugfix releases with no notable changes in functionality.

As always, let us know of any problems you run into in the ticket tracker.

Thu, 10/22/2009 - 14:17
tpnsolutions
tpnsolutions's picture

Jamie/Joe,

Kudos on revising the DNS template option in this release!

This was something I'd requested, and am happy to say is working out amazing since the update.

After a few hours of running my automated script which simply enables and disables the DNS on selected domains, the new template took place like a charm.

Further testing clarified that new domains followed the new policy.

No more "m.domain.com" or "localhost.domain.com" WOO HOO!

Heh heh (i further disabled the "ftp.domain.com" since this isn't really useful in my install)

Now all we need is that updated email handling within Webmin/Virtualmin (which I know is somewhere on your todo list) so that I can have email handled by a completely different node in my network ;-)

Thanks guys, you truly rock!

-- Peter

Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
Thu, 10/22/2009 - 15:38 (Reply to #2)
Joe
Joe's picture

Thanks for the kind words, Peter. Happy to hear the new DNS template options are useful to you (you know I fight tooth and nail against new options because the product is complex enough as it is; but if they're actually useful, Jamie wins out and they go in). ;-)

--

Check out the forum guidelines!

Thu, 10/22/2009 - 21:39 (Reply to #3)
tpnsolutions
tpnsolutions's picture

Joe,

I hear ya, I've skimmed through a few of the files making a few modifications in the past, and will agree that things are pretty complex in design. Heh heh

I've been pleased with you guys in every way, from providing extremely superb support to fielding a few requests when they have merit.

Generally speaking I attempt to find alternate solutions, or rethink the way I do things before requesting that you guys do :-)

The DNS option was just in my opinion a logical step to keep your product open in nature, as forcing records to be created by default with no way of changing such defaults doesn't really make things too flexible.

Prior to the update, the only way I was able to combat this was through a custom developed shell script which basically killed the extra unneeded records "after" they were added. (which worked, but seemed counter productive in nature.)

It was also my suggestion a few months ago to have the sub-server DNS records added to their respective parent DNS zone. Another exciting day in the life of a system administrator, LOL. (non-techies wouldn't understand that kind of joy)

Anyways, I just like to give credit where it is due.

No doubt, you've seen my nickname appear more and more in this forum over the last few weeks, not only as the author of feature request, support requests, or bug reports but as the person responsible for assisting others in part or in whole. Just another way I'm making an effort to give back. My contributions don't end there though, as I'm planning something real BIG. A surprise. Stay tuned...

Thanks again Joe, Jamie, and also Eric.

-- Peter

Best Regards,
Peter Knowles | TPN Solutions
Email: pknowles@tpnsolutions.com | Skype: tpnassist
Thu, 10/22/2009 - 15:36
Joe
Joe's picture

I was wrong about security-updates being a cosmetic bugfix. It introduces new default behavior with regard to listing other packages available for update. On systems with apt-get or yum, it will list all available updates to installed software, instead of merely listing those packages that are related to Virtualmin.

For folks with up to date systems, this won't really look any different, but if you haven't been updating the system itself on a regular basis (which we do recommend), you'll see a lot of available updates "suddenly" appear.

So, yes, you should be running the latest available versions from your OS vendor, and now the Virtualmin software updates module will remind you of that fact whenever you login.

But, remember that the packages in the updates list are not all from us, and we don't have control over most of them. So, it's not that we are recommending those packages; we're just reporting the available updates from your OS (and any other third party repositories you have configured). You can generally trust your OS vendor to roll out packages that aren't going to break things; third party repos to a lesser degree. And often, those updates are security-related releases, and so should be installed as soon as possible.

Anyway, my point is: We're now displaying all available updates in the security-updates module, regardless of where they come from, but don't blame us for any problems with packages that we don't control (it doesn't help, and annoys the pig).

--

Check out the forum guidelines!

Fri, 10/23/2009 - 03:07
Rogi

"You can generally trust your OS vendor to roll out packages that aren't going to break things; third party repos to a lesser degree. And often, those updates are security-related releases, and so should be installed as soon as possible."

This advice is in direct contradiction to Jamie's advice on this subject here: http://www.virtualmin.com/node/11942#comment-52007

Also, you have "suddenly' above in quotes thus; "Suddenly". I think it is safe to remove the quotes as long lists of updates caused by new unannounced default functionality in Virtualmin are indeed sudden (sans quotes).

Fri, 10/23/2009 - 10:19 (Reply to #6)
andreychek

They're kind of both right :-)

Usually, you can trust the OS vendor to get things right. They test things pretty thoroughly, and have an interest in seeing things work as well as possible.

That said, there have been a handful of issues over the years caused by vendor updates. It's unfortunate, but it does happen.

I would also like to mention, though, that we can't stress enough the importance of installing security updates :-)

So what should you do on your server?

I would personally recommend applying all vendor OS updates, security and otherwise -- with the caveat that as an administrator, you really need to have good, recent, reliable backups of your system.

Life is imperfect, and it's just asking for too much trouble to not have good, recent, and reliable backups :-)

If something is going to go awry (which is fairly rare), chances are that it'll be related to a config file, quite possibly one in /etc. With a backup of that directory (along with everything else!), it should only be a minimal hassle to fix the problem.

Which brings me to the final point -- I tend to recommend not doing automatic updates. That is, have a human actually push the trigger to perform the update, don't have them updated automatically. With that, you can see immediately if it's working as expected, rather than getting a pile of frantic phone calls at 6am.

Have a good one!

-Eric

Sun, 10/25/2009 - 03:40 (Reply to #7)
Joe
Joe's picture

This advice is in direct contradiction to Jamie's advice on this subject here: http://www.virtualmin.com/node/11942#comment-52007

Now that depends on what "if you need them" means, doesn't it? ;-)

I would say that if it's a security update for services or packages running on your system, then you need them, which is not at all a contradiction of my advice.

Besides, everybody knows you can't listen to Jamie. He's just making it all up as he goes along. Me, on the other hand, I'm an expert, and you should do everything I say without hesitation at all times. ;-)

--

Check out the forum guidelines!

Sun, 10/25/2009 - 03:51
Rogi

"Besides, everybody knows you can't listen to Jamie. He's just making it all up as he goes along. Me, on the other hand, I'm an expert, and you should do everything I say without hesitation at all times. ;-)"

Actually, the problem was that I know that both of you know what you are talking about. If I thought that one of you didn't it would be easy as I'd just ignore that one and listen to the other.

In the end I had already done as Eric (always by far the most sensible person around here anyway :)) suggested above and it worked out ok, so far, this time.

Ultimately, though, after much thought and reading of advice from you, Jamie, Eric, and half the rest of the 'net, I decided that when the subject of package updates is involved I'd simply join the club and do what everyone else is clearly doing - i.e. make it up as I go along and just hope for the best. :-)

R.

Topic locked