I’ve just rolled out Virtualmin virtual-server module version 3.82.
This is a security release, so should be performed as soon as possible. The bug effects deployments where the “Extra admins” feature is in use and the show password option is enabled. It can be used to expose user passwords in other domains to any domain admin. Thanks go to Locutus for discovering this bug.
This release also fixes a number of bugs in DKIM support, in particular issues relating to key size and BIND record size limits. DKIM should actually work for most people in this version, whereas lots of folks had problems with 3.81.
Changelog since 3.81:
- Added a template option to specify file types to not perform variable substitution on when copying from the /etc/skel directory.
- Updated the Trac script installer to version 0.12.1, Instiki to 0.19.1, Rails to 3.0.1, phpMyAdmin to 3.3.8, Moodle to 1.9.10, Horde Webmail to 1.2.8, Horde to 3.3.10, IMP to 4.3.8, ZenCart to 1.3.9h, SugarCRM to 6.0.3, Redmine to 1.0.3, SMF to 1.1.12, and TWiki to 5.0.1.
- Virtual server backups can now be to multiple destinations, both local and remote. The time-consuming process of compressing each domain is done only once, and the resulting file then transferred to each destination.
- The maximum message size to check for spam can now be set even when regular spamassassin is used, as well as when using spamc.
- When Webalizer is enabled for a domain, allowed users for the /stats URL path can now be edited on the Protected Web Directories page.
- Fixed DKIM support to handle large numbers of domains.
- Added byte quota sizes to the list-domains, list-users and list-resellers API calls, which are easier for code to parse.
As always, if you run into any problems let us know in the ticket tracker.
Also, one other note: The Debian/Ubuntu repositories don’t yet have this release, but it will be in place in a few minutes.