Webmin 1.400 and Usermin 1.330

Howdy all,

I’ve rolled out updates to Webmin and Usermin for all systems. Upgrading immediately is recommended, as the update fixes a new class of XSS vulnerability.

Changes since Webmin 1.380 (we skipped 1.390 due to a bug in the quotas module that effected Virtualmin):

[li]Links from unknown referers are no longer allowed by default, to block a new class of XSS attacks.[/li]
[li]Many modules have been converted to use the new Webmin UI library, for a more consistent look.[/li]
[li]The Backup Configuration Files module can now include directories, and connect to FTP and SSH servers on different ports.[/li]
[li]Changed the layout of the Scheduled Cron Jobs module, and added a search for if there are more than 100 jobs.[/li]
[li]Added a second layer to the UI of the Partitions on Local Disks module, so that the first page shows only disks.[/li]
[li]Re-designed the layout of the Logical Volume Management module, and fixed removal of physical devices with LVM 2.[/li]
[li]Fixed login problems in the MySQL module, added searching for variables, added tabs to the Execute SQL page, and prevented the display of huge lists of databases and tables.[/li]
[li]Created a dedicated page in the Sendmail module for ports and addresses, and added support for Maildir mail stores.[/li]
[li]Added outgoing BCC mapping support to the Postfix module.[/li]
[li]The BIND module now supports Windows, and can add records that already exist to multiple domains.[/li]

Version 1.390 (20 December 2007)

[li]Added the LDAP Server module, for managing OpenLDAP and browsing it’s database.[/li]
[li]Webmin modules and help pages can be searched using a new field on the left frame of the default theme.[/li]
[li]The BSD Firewall (IPFW) module now supports the file format used natively by FreeBSD’s /etc/rc.conf file.[/li]
[li]Support for VLANs and channel bonding on Debian, comments on interfaces on Redhat and alias interface bugfixes for FreeBSD, all in the Network Configuration module.[/li]
[li]The PAM module now supports include directives, and the UI has been re-written.[/li]
[li]More map types are supported in the Postfix module.[/li]
[li]Squid proxy reply restrictions can now be managed, from a re-designed access control page.[/li]
[li]Logged Webmin actions can now have a comment attached explaining why they were done.[/li]
[li]All cluster modules now have an option to show hosts in a table.[/li]
[li]Big contributed Italian and Catalan translation updates.[/li]

Changes in Usermin:

Version 1.330 (8 February 2007)

[li]Links from unknown referers are now blocked by default, to prevent XSS attacks. This may break browsers that don’t supply a Referer: HTTP header.[/li]
[li]The default From: address for autoreplies now respects the default address set in the user’s address book.[/li]
[li]Added a configuration option to the Protected Web Directories module to deny users the ability to add or edit protected directories.[/li]
[li]The number of unread messages in each folder can be displayed using a new Preferences option in the ‘Mail folders’ section. By default this is only enabled for IMAP folders, as computing the unread count for other folder types can be slow for if they contain a large number of messages.[/li]
[li]IMAP and POP3 folders can now have their logins set to be the same as the Usermin login.[/li]
[li]When deleting or moving all messages in the search results folder, the original emails are correctly deleted.[/li]
[li]Added warnings if a message is sent with no recipient or subject.[/li]
[li]Added tabs to the Upload and Download module, and support for downloading a whole directory in ZIP format.[/li]
[li]MySQL and PostgreSQL user-interface related settings can now be made on a per-user basis, rather than being global.[/li]
[li]Fixed a bug in the MySQL module that could prevent logins.[/li]