Virtualmin virtual-server 3.88 and other virtualmin-* module updates

Howdy all,

I’ve just rolled out a huge batch of updates to Virtualmin modules, including 3.88. This batch of updates includes the addition of hashed passwords, which requires update of all of the modules in the batch. Of course, we always recommend running the latest available version of everything, in this case, you’ll need to get them all in order to use the new feature (if you want to use the new feature). Before enabling this new feature, you should beware of some negatives of the option (the benefits of somewhat greater security for user account password data should be obvious).

Changes since 3.87:

  • Updated the PiWik script installer to version 1.5.1, phpBB to 3.0.9, WordPress to 3.2.1, Joomla to 1.6.6 and 1.7.0, SugarCRM to 6.2.2, phpMyAdmin to 3.4.4, Mantis to 1.2.8, Drupal to 7.8, Horde Webmail to 1.2.10, Horde to 3.3.12, ZenPhoto to, Moodle to 2.1.1, LimeSurvey to 1.91, RoundCube to 0.6-rc, PHPList to 2.10.15, WebCalendar to 1.2.4, eGroupWare to, PHP-Nuke to 8.2.4, Magento to, TWiki to 5.1.0, Mantis to 1.2.7, CMS Made Simple to, Instiki to 0.19.3, i-Dreams to 6.0, Zikula to 1.2.8, Django to 1.3.1, and Dolibarr to 3.0.1.
  • When a virtual server is disabled, any cron jobs run by its owner or mailbox users are also disabled.
  • An IPv6 address that is already active can now be used when creating a virtual server.
  • Checking for new script updates is now enabled by default on new installs and upgrades, unless explicitly disabled by root.
  • Added a tab to the Validate Virtual Servers page for fixing file ownership and permissions problems.
  • Storage of plaintext passwords for virtual servers and mailboxes can now be disabled on a per-template basis. Virtualmin will instead store only hashed passwords in multiple formats, which prevents passwords from being compromised if the system is hacked. Thanks to Dirk Ertner for supporting this feature.

The following modules have also been updated to support the hashed password feature:

  • virtualmin-multi-login 1.1
  • virtualmin-htpasswd 2.5
  • virtualmin-git 1.2
  • virtualmin-dav 3.5
  • virtualmin-svn 4.9
  • virtualmin-mailman 6.1
  • virtualmin-password-recovery 1.5
  • virtualmin-awstats 4.6
  • virtualmin-slavedns 1.6
  • virtualmin-init 2.2

As always, if you run into any bugs, let us know in the ticket tracker, and if you have questions don’t hesitate to ask in the forums.

Note that the hashed password feature is extremely far-reaching, and has several side effects. Passwords for MySQL cannot be treated the same as system passwords, and Virtualmin needs those passwords, thus MySQL databases get their own password when this feature is enabled (many people prefer this anyway, but it is more complicated). There are probably other side effects that I’m not yet aware of. As it is a very far-reaching new feature, we’re recommending you try it on a test machine before deploying it on a large scale.

I haven’t been able to install this on any of the 14 Virtualmin installs I manage, every single one has the exact same yum dependency error. I have a open ticket about this if anyone wishes to contribute.